CVE-2026-46580
Description
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
INFO
Published Date :
June 18, 2026, 2:26 p.m.
Last Modified :
June 18, 2026, 2:26 p.m.
Remotely Exploit :
No
Source :
eclipse
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 4.0 | HIGH | e51fbebd-6053-4e49-959f-1b94eeb69a2c |
Solution
- Update Eclipse Theia to version 1.71.0 or later.
- Review and sanitize workspace prompt template files.
- Disable loading of untrusted workspace features.
- Validate AI model prompts for malicious content.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-46580 vulnerability anywhere in the article.