CVE-2026-44688

HIGH EPSS 18.9%

Published Jun 18, 20261w ago · Modified Jun 22, 20261w ago

8.4 CVSS 4.0

High

Published Jun 18, 2026 1w ago

Last Modified Jun 22, 2026 1w ago

Description

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.

CVSS Details

Base Score

8.4

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction A

Scope X

Threat Intelligence

EPSS Exploit Probability

18.9% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-829

Affected Products 1

Vendor	Product	Version	Range
eclipse	theia	*	<1.71.0

References 1

gitlab.eclipse.org https://gitlab.eclipse.org/security/cve-assignment/-/work_items/113

Vendor AdvisoryPatch

Remediation

gitlab.eclipse.org https://gitlab.eclipse.org/security/cve-assignment/-/work_items/113

Vendor AdvisoryPatch