Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Network-reachable unauthenticated (PR:N) cross-site WebSocket hijack yielding OS command execution (C/I/A:H), but requires the victim to visit a malicious page, so UI:R and scope unchanged.
Primary rating from Vendor (eclipse).
CVSS VectorVendor: eclipse
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication.
WebSocket origin validation in @theia/core is fail-open: connections are accepted when the Origin header is missing or when no THEIA_HOSTS allowlist is configured (the default). The Socket.IO integration additionally replaces the real Origin header with a client-supplied fix-origin header that an attacker can control or omit.
As a result, a foreign-origin web page visited by a user with a running Theia instance can open the /services WebSocket namespace, invoke terminal creation, attach to the resulting terminal data channel, execute arbitrary OS commands, and read their output. This affects both local developer setups (drive-by attack) and hosted or tunneled deployments without strong external authentication.
A fix is in development that enforces same-origin validation by default, removes trust in the fix-origin header, gates HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitizes shell terminal creation options.
AnalysisAI
Cross-site WebSocket hijacking in Eclipse Theia's browser backend (versions 1.8.1 and later) lets a foreign-origin web page reach the unauthenticated /services shell-terminal RPC namespace and execute arbitrary OS commands on the victim's host. The flaw stems from fail-open Origin validation in @theia/core combined with a client-controllable fix-origin header, so simply luring a developer running Theia to a malicious site yields remote code execution. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the victim have a running Eclipse Theia browser-backend (1.8.1+) reachable from their browser AND that they visit an attacker-controlled web page while it is running - that user interaction (UI:R) is the primary prerequisite and the main limiting factor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 8.8) is internally consistent with the description: network-reachable, low complexity, no authentication (PR:N, so unauthenticated), but requiring the victim to visit an attacker-controlled page (UI:R) with full RCE impact across confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious web page containing JavaScript that opens a WebSocket to a developer's locally running Theia backend (e.g. ws://localhost:3000/services), omitting or spoofing the Origin/fix-origin header to pass the fail-open check. … |
| Remediation | No vendor-released patch identified at time of analysis - the advisory states a fix is in development that will enforce same-origin validation by default, remove trust in the fix-origin header, gate HTTP and WebSocket access on a SameSite=Strict; HttpOnly connection-token cookie, and sanitize shell terminal creation options; monitor GHSA-78g8-vm3p-97c6 (https://github.com/eclipse-theia/theia/security/advisories/GHSA-78g8-vm3p-97c6) for the patched release and upgrade as soon as it ships. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory Theia installations running versions 1.8.1+; restrict web access to trusted networks behind VPN; disable external internet access from development hosts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Eclipse Theia
View allServer-side request forgery in Eclipse Theia (version 1.26.0 and later) lets a low-privileged user connected to the /ser
Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands
Indirect prompt injection in Eclipse Theia before 1.71.0 allows a malicious repository to automatically override the AI
Indirect prompt injection in Eclipse Theia versions prior to 1.71.0 allows attackers who control a workspace's filesyste
Unconstrained Markdown image rendering in Eclipse Theia's AI chat component, in all versions prior to 1.71.0, enables si
Same weakness CWE-1385 – Missing Origin Validation in WebSockets
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41529