CVE-2026-22551
Received - Intake
AI Chat Markdown Image Exfiltration in Eclipse Theia

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Eclipse Foundation

Description
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse theia to 1.71.0 (exc)
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Executive Summary

CVE-2026-22551 affects Eclipse Theia versions prior to 1.71.0, where the AI chat feature rendered Markdown image tags from AI responses and automatically triggered HTTP requests to external URLs without any restrictions.

An attacker could exploit this by using prompt injection in a malicious workspace to make the AI agent generate image URLs that encode sensitive information from the workspace or conversation context.

These URLs would then be requested by the application, effectively exfiltrating sensitive data to attacker-controlled servers.

This vulnerability was mitigated in version 1.71.0 by introducing workspace trust enforcement, which disables AI features in untrusted workspaces.

Impact Analysis

This vulnerability can lead to the unauthorized exfiltration of sensitive information from your workspace or conversation context to attacker-controlled servers.

Because the AI chat automatically triggers HTTP requests to arbitrary external URLs embedded in Markdown image tags, attackers can encode confidential data into these URLs and leak it without user consent.

The CVSS score indicates a high impact on confidentiality, meaning sensitive data exposure is the primary risk.

Detection Guidance

This vulnerability involves the AI chat feature in Eclipse Theia rendering Markdown image tags that trigger HTTP requests to arbitrary external URLs. Detection can focus on monitoring unexpected outbound HTTP requests originating from Eclipse Theia instances, especially those triggered by AI chat interactions.

You can detect potential exploitation by capturing and analyzing network traffic for unusual HTTP requests to external servers that are initiated by Eclipse Theia processes.

  • Use network monitoring tools like tcpdump or Wireshark to capture HTTP requests from the system running Eclipse Theia.
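  • Example tcpdump command to monitor HTTP traffic: sudo tcpdump -i any -n -s 0 -A 'tcp port 80 or tcp port 443'. Traffic on port 443 is TLS-encrypted, so the -A output shows request URLs only for plaintext HTTP on port 80; for HTTPS connections the capture shows the destination address, not the image URL.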
  • Check Eclipse Theia logs for AI chat activity that includes Markdown image tags or unexpected external URL requests.
  • Use process monitoring commands (e.g., ps, netstat, or lsof) to identify if Eclipse Theia is making outbound connections to suspicious external IP addresses.
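
To support the log check above, the following added example (not code from Eclipse Theia or from this advisory) scans AI response text for image references that would cause a fetch to a non-allowlisted host and marks those whose URL has room to carry encoded data. The allowlist, the 32-character threshold, the function names and the sample text are assumptions made for illustration.

```javascript
// Added example, not Theia code. Assumptions: input is AI response text you have
// already collected; ALLOWED_HOSTS and PAYLOAD_THRESHOLD are illustrative values.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1']);
const PAYLOAD_THRESHOLD = 32;

// Three ways a rendered response can cause an image fetch.
const PATTERNS = [
  ['inline', /!\[[^\]]*\]\(\s*<?([^\s)>]+)>?[^)]*\)/g],
  // Reference definitions also serve plain links, so treat these as candidates.
  ['reference', /^ {0,3}\[[^\]]+\]:\s*<?([^\s>]+)/gm],
  ['html', /<img\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi],
];

// Longest single path segment or host label, or the query string, whichever is
// larger: the places where encoded context data can ride in a URL.
function payloadLength(url) {
  const parts = url.pathname.split('/').concat(url.hostname.split('.'));
  const longest = Math.max(...parts.map((p) => p.length));
  return Math.max(longest, Math.max(url.search.length - 1, 0));
}

function findExternalImages(text, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [kind, re] of PATTERNS) {
    for (const m of text.matchAll(re)) {
      let url;
      try { url = new URL(m[1]); } catch { continue; } // relative path: no remote fetch
      if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
      if (allowedHosts.has(url.hostname)) continue;
      const payload = payloadLength(url);
      findings.push({ kind, host: url.hostname, payload,
        suspicious: payload >= PAYLOAD_THRESHOLD });
    }
  }
  return findings;
}

// Constructed sample response text (not captured from a real session).
const SAMPLE = [
  `Status: ![s](https://img.example.invalid/p.png?d=${'x'.repeat(48)})`,
  'Local diagram: ![arch](./docs/arch.png)',
  'Badge: ![ok](https://badges.example.invalid/ok.svg)',
  '![logo][l]',
  '[l]: https://cdn.example.invalid/logo.png',
].join('\n');

console.log(findExternalImages(SAMPLE));
```

On affected versions every finding corresponds to an outbound request the chat view would make; the suspicious flag only ranks which ones to review first.
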
Mitigation Strategies

The primary mitigation is to upgrade Eclipse Theia to version 1.71.0 or later, where workspace trust enforcement disables AI features in untrusted workspaces, preventing the attack chain.

Until the upgrade can be applied, consider disabling the AI chat feature or restricting network access from Eclipse Theia to prevent unauthorized HTTP requests to external servers.

Additionally, enforce workspace trust policies to ensure that untrusted or malicious workspaces cannot trigger AI features.

Compliance Impact

This vulnerability allows attackers to exfiltrate sensitive information from the workspace or conversation context to attacker-controlled servers by exploiting AI chat features that render Markdown image tags triggering HTTP requests to arbitrary external URLs.

Such unauthorized disclosure of sensitive data can lead to violations of data protection regulations and standards like GDPR and HIPAA, which mandate strict controls over the confidentiality and integrity of personal and sensitive information.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to the potential leakage of protected data.
