Skip to main content

Eclipse Theia CVE-2026-44691

| EUVDEUVD-2026-37901 HIGH
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2026-06-18 eclipse GHSA-g9jw-92q7-g7fj
8.4
CVSS 4.0 · Vendor: eclipse
Share

Severity by source

Vendor (eclipse) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Malicious workspace must reach the local filesystem (AV:L) and the user must open it / run a task (UI:R); no auth needed (PR:N); arbitrary command execution as user gives full CIA impact within the user's scope.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (eclipse).

CVSS VectorVendor: eclipse

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jun 18, 2026 - 17:02 EUVD
Analysis Generated
Jun 18, 2026 - 15:56 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 npm packages depend on @theia/debug (4 direct, 4 indirect)
  • 9 npm packages depend on @theia/task (3 direct, 6 indirect)
  • 57 npm packages depend on @theia/workspace (35 direct, 22 indirect)

Ecosystem-wide dependent count for version 1.69.0 and other introduced versions.

DescriptionCVE.org

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.

AnalysisAI

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Publish malicious Git repo with .theia/tasks.json
Delivery
Victim clones and opens workspace in Theia <1.69.0
Exploit
Workspace-trust gate skipped for custom task
Execution
Task shell command executes as user
Persist
Optional AI chat message triggers suppressed tool confirmation
Impact
Persistent foothold on developer workstation

Vulnerability AssessmentAI

Exploitation Requires the victim to open an attacker-controlled workspace in Eclipse Theia <1.69.0 that contains a crafted .theia/tasks.json or .vscode/tasks.json defining a custom task; the user must perform an action that runs the task (UI:A in the CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 score of 8.4 (AV:L/AC:L/PR:N/UI:A/VC:H/VI:H/VA:H) accurately reflects a high-impact but interaction-dependent flaw: code execution as the logged-in user, requiring the victim to clone and open a malicious workspace. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker publishes an attractive-looking repository (e.g., a CTF writeup, library fork, or job-interview take-home) containing a .theia/tasks.json with a malicious shell task and, optionally, a .theia/settings.json that disables AI tool confirmation. A developer clones the repo and opens it in Theia; either Theia auto-runs a default task or the attacker's social-engineering README prompts a benign-looking action that fires the task, executing commands as the user. …
Remediation Vendor-released patch: Eclipse Theia 1.69.0 - upgrade to 1.69.0 or later, which enforces workspace trust before honoring custom task definitions from workspace files. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct an asset inventory to identify all Eclipse Theia installations with versions < 1.69.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44691 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy