CVE-2026-44688
Received Received - Intake
Indirect Prompt Injection in Eclipse Theia AI Agent

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Eclipse Foundation

Description
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed by the AI agent, would cause the agent to follow attacker-controlled instructions (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-18
Last Modified
2026-06-18
Generated
2026-06-19
AI Q&A
2026-06-18
EPSS Evaluated
N/A
NVD
CVE-2026-44688
EUVD
EUVD-2026-37898
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eclipse theia to 1.71.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Eclipse Theia versions prior to 1.71.0 have a vulnerability where the AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions.

An attacker can create a malicious repository with specially crafted directory or file names that, when analyzed by the AI agent, cause it to follow attacker-controlled instructions. This is known as an indirect prompt injection.

This vulnerability can lead to attack chains that enable data exfiltration through Markdown image rendering or arbitrary command execution via task definitions.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can allow attackers to execute arbitrary commands or exfiltrate data by exploiting the AI chat agent's processing of malicious file and directory names.

If you use Eclipse Theia versions prior to 1.71.0, an attacker could leverage this flaw to gain unauthorized access to sensitive information or execute harmful commands within your environment.

Detection Guidance

Detection of this vulnerability involves identifying if Eclipse Theia versions prior to 1.71.0 are in use, as these versions are affected by the indirect prompt injection issue.

Since the vulnerability arises from the AI chat agent processing workspace file and directory names as part of its prompt context, detection could include checking for suspicious or adversarial directory or file names in repositories used by Theia.

No specific detection commands are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade Eclipse Theia to version 1.71.0 or later, where this vulnerability has been addressed.

Until the upgrade is applied, avoid opening untrusted or malicious repositories that may contain adversarial directory or file names which could trigger the vulnerability.

Additionally, be cautious with AI chat features in untrusted workspaces, as these can be exploited in attack chains leading to data exfiltration or arbitrary command execution.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44688. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart