Skip to main content

Eclipse Theia

6 CVEs product

Monthly

CVE-2026-10055 HIGH PATCH This Week

Server-side request forgery in Eclipse Theia (version 1.26.0 and later) lets a low-privileged user connected to the /services messaging endpoint coerce the backend into fetching an attacker-supplied URL and returning the full response body, exposing localhost admin interfaces and cloud instance metadata that sit behind the browser network boundary. The flaw is exploitable by any client with access to the Theia service connection, making multi-tenant and publicly-reachable deployments the primary concern. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

SSRF Eclipse Theia
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-10054 HIGH PATCH This Week

Cross-site WebSocket hijacking in Eclipse Theia's browser backend (versions 1.8.1 and later) lets a foreign-origin web page reach the unauthenticated /services shell-terminal RPC namespace and execute arbitrary OS commands on the victim's host. The flaw stems from fail-open Origin validation in @theia/core combined with a client-controllable fix-origin header, so simply luring a developer running Theia to a malicious site yields remote code execution. There is no public exploit identified at time of analysis, and CVSS is rated 8.8 (High) driven by the user-interaction-only barrier.

Information Disclosure Eclipse Theia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-44691 npm HIGH PATCH GHSA This Week

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. No public exploit identified at time of analysis, but the attack pattern mirrors well-known VS Code workspace-trust bypass classes.

RCE Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.2%
CVE-2026-22551 npm MEDIUM PATCH This Month

Unconstrained Markdown image rendering in Eclipse Theia's AI chat component, in all versions prior to 1.71.0, enables silent data exfiltration when combined with prompt injection via a malicious workspace. An attacker who delivers a crafted workspace can inject instructions into the AI agent's context, causing it to construct Markdown image tags whose URLs encode sensitive workspace or conversation data; when the IDE renders these images, it issues HTTP GET requests transmitting that data to an attacker-controlled server. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the local-access, active-user-interaction model (CVSS 4.0: 6.7, AV:L/UI:A) correctly reflects that this is a targeted, workspace-delivery attack rather than a remote, unauthenticated threat.

Information Disclosure Eclipse Theia
NVD VulDB
CVSS 4.0
6.7
EPSS
0.2%
CVE-2026-46580 npm HIGH PATCH GHSA This Week

Indirect prompt injection in Eclipse Theia before 1.71.0 allows a malicious repository to automatically override the AI agent's system prompts when a victim opens the workspace, by placing files under .prompts/*.prompttemplate that Theia auto-loads. Combined with built-in AI chat features, the hijacked prompt can chain to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Code Injection Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-44688 npm HIGH PATCH GHSA This Week

Indirect prompt injection in Eclipse Theia versions prior to 1.71.0 allows attackers who control a workspace's filesystem layout to coerce the built-in AI chat agent into executing attacker-supplied instructions, enabling data exfiltration through Markdown image rendering or arbitrary command execution through task definitions. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high impact across confidentiality, integrity and availability once a developer opens an untrusted repository. The flaw is reported by the Eclipse Foundation and fixed in version 1.71.0.

Code Injection Eclipse Theia
NVD VulDB
CVSS 4.0
8.4
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-side request forgery in Eclipse Theia (version 1.26.0 and later) lets a low-privileged user connected to the /services messaging endpoint coerce the backend into fetching an attacker-supplied URL and returning the full response body, exposing localhost admin interfaces and cloud instance metadata that sit behind the browser network boundary. The flaw is exploitable by any client with access to the Theia service connection, making multi-tenant and publicly-reachable deployments the primary concern. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

SSRF Eclipse Theia
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site WebSocket hijacking in Eclipse Theia's browser backend (versions 1.8.1 and later) lets a foreign-origin web page reach the unauthenticated /services shell-terminal RPC namespace and execute arbitrary OS commands on the victim's host. The flaw stems from fail-open Origin validation in @theia/core combined with a client-controllable fix-origin header, so simply luring a developer running Theia to a malicious site yields remote code execution. There is no public exploit identified at time of analysis, and CVSS is rated 8.8 (High) driven by the user-interaction-only barrier.

Information Disclosure Eclipse Theia
NVD GitHub
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary command execution in Eclipse Theia versions prior to 1.69.0 allows a malicious repository to run host commands with the user's privileges when its workspace is opened, because custom task definitions in .theia/tasks.json or .vscode/tasks.json bypass the workspace trust gate. When the victim has also enabled AI chat with tool confirmation disabled via a workspace .theia/settings.json, the chain triggers automatically on the first chat message. No public exploit identified at time of analysis, but the attack pattern mirrors well-known VS Code workspace-trust bypass classes.

RCE Eclipse Theia
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Unconstrained Markdown image rendering in Eclipse Theia's AI chat component, in all versions prior to 1.71.0, enables silent data exfiltration when combined with prompt injection via a malicious workspace. An attacker who delivers a crafted workspace can inject instructions into the AI agent's context, causing it to construct Markdown image tags whose URLs encode sensitive workspace or conversation data; when the IDE renders these images, it issues HTTP GET requests transmitting that data to an attacker-controlled server. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but the local-access, active-user-interaction model (CVSS 4.0: 6.7, AV:L/UI:A) correctly reflects that this is a targeted, workspace-delivery attack rather than a remote, unauthenticated threat.

Information Disclosure Eclipse Theia
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Indirect prompt injection in Eclipse Theia before 1.71.0 allows a malicious repository to automatically override the AI agent's system prompts when a victim opens the workspace, by placing files under .prompts/*.prompttemplate that Theia auto-loads. Combined with built-in AI chat features, the hijacked prompt can chain to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Code Injection Eclipse Theia
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Indirect prompt injection in Eclipse Theia versions prior to 1.71.0 allows attackers who control a workspace's filesystem layout to coerce the built-in AI chat agent into executing attacker-supplied instructions, enabling data exfiltration through Markdown image rendering or arbitrary command execution through task definitions. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.4 reflects high impact across confidentiality, integrity and availability once a developer opens an untrusted repository. The flaw is reported by the Eclipse Foundation and fixed in version 1.71.0.

Code Injection Eclipse Theia
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy