CVE-2026-46580
Status: Received - Intake
Indirect Prompt Injection in Eclipse Theia

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Eclipse Foundation

Description
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-18
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products
1 associated CPE
Vendor: eclipse
Product: theia
Version / Range: up to 1.71.0 (excluding)
CWE
CWE-829: The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
AI Quick Actions
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

Eclipse Theia versions prior to 1.71.0 have a vulnerability where files matching the pattern `.prompts/*.prompttemplate` in a workspace are automatically loaded and can override or extend the AI agent's system prompts.

An attacker can create a malicious repository containing such prompt template files. When this repository is opened in Theia, the AI's system instructions are replaced with attacker-controlled content, which is an indirect prompt injection.

This vulnerability enables attack chains that can lead to data exfiltration through Markdown image rendering or arbitrary command execution via task definitions.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary commands or exfiltrate data from your environment by injecting malicious prompts into the AI agent used within Eclipse Theia.

Specifically, attackers can exploit this by crafting malicious repositories that, when opened, replace system instructions of the AI, potentially leading to unauthorized data access or execution of harmful tasks.

Detection Guidance

This vulnerability involves files matching the pattern `.prompts/*.prompttemplate` being automatically loaded in Eclipse Theia workspaces prior to version 1.71.0. To check whether a workspace is exposed, look for the presence of such files in your workspace directories and confirm the Theia version in use.

You can use commands to search for these files in your workspace folders. For example, on a Unix-like system, you might run:

  • find /path/to/workspace -type f -path '*/.prompts/*.prompttemplate'

Additionally, verify the version of Eclipse Theia you are running to confirm if it is prior to 1.71.0:

  • theia --version

If you find `.prompttemplate` files in your workspace or are running a vulnerable version, your system may be exposed to this vulnerability.
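The two checks above (search for prompt template files, then confirm the Theia version) combined into one script. This is an added example, not part of the CVE record or of the Theia project. It assumes a POSIX shell with find, cut, sed, wc and mktemp, and that the caller supplies the Theia version string (the script does not run `theia --version` itself). The version comparison is done field by field so that a version such as 1.8.0 is not mis-ordered against 1.71.0 by plain string comparison.

```shell
#!/bin/sh
# Added example (not from the CVE record or the Theia project): workspace
# pre-flight check for CVE-2026-46580. Two checks:
#   1. list any .prompts/*.prompttemplate files under a workspace so they can be
#      reviewed before the workspace is opened in an AI-enabled Theia build;
#   2. decide whether a given Theia version string predates the fix (1.71.0),
#      comparing major.minor.patch numerically rather than as strings.
# Assumes a POSIX shell with find, cut, sed, wc and mktemp.

FIXED_VERSION="1.71.0"

# Print each .prompts/*.prompttemplate file under the workspace $1, one per line.
# Exit status 0 if at least one was found, 1 if none.
find_prompt_templates() {
    _found=$(find "$1" -type f -path '*/.prompts/*.prompttemplate' 2>/dev/null)
    [ -n "$_found" ] || return 1
    printf '%s\n' "$_found"
    return 0
}

# Number of matching files under $1 (0 when the directory is clean).
count_prompt_templates() {
    find "$1" -type f -path '*/.prompts/*.prompttemplate' 2>/dev/null | wc -l | tr -d ' '
}

# version_field VERSION N: N-th dot-separated numeric field of VERSION.
# A leading "v" is dropped, missing fields read as 0, and trailing
# non-numeric text such as "-next" is stripped from a field.
version_field() {
    _f=$(printf '%s.0.0' "$1" | sed 's/^[vV]//' | cut -d. -f"$2" | sed 's/[^0-9].*$//')
    printf '%s' "${_f:-0}"
}

# version_lt A B: exit 0 if A < B by (major, minor, patch), 1 otherwise.
version_lt() {
    _i=1
    while [ "$_i" -le 3 ]; do
        _x=$(version_field "$1" "$_i")
        _y=$(version_field "$2" "$_i")
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
        _i=$((_i + 1))
    done
    return 1   # equal versions are not "less than"
}

# theia_is_affected VERSION: exit 0 if VERSION is before the fixed release.
theia_is_affected() {
    version_lt "$1" "$FIXED_VERSION"
}

# report WORKSPACE [THEIA_VERSION]: human-readable summary of both checks.
report() {
    if find_prompt_templates "$1"; then
        echo "WARNING: prompt template files found under $1; review them before opening the workspace"
    else
        echo "OK: no .prompts/*.prompttemplate files under $1"
    fi
    if [ -n "${2:-}" ]; then
        if theia_is_affected "$2"; then
            echo "WARNING: Theia $2 is before $FIXED_VERSION and auto-loads workspace prompt templates"
        else
            echo "OK: Theia $2 includes the fix ($FIXED_VERSION or later)"
        fi
    fi
}

# Usage: sh theia_prompt_check.sh /path/to/workspace [theia-version]
# With no arguments the script only defines the functions above.
if [ $# -ge 1 ]; then
    report "$1" "${2:-}"
fi
```

The file search is anchored on `/.prompts/` so that a directory merely ending in `.prompts` (for example `docs.prompts`) or a `.prompttemplate` file outside the `.prompts` folder does not produce a false hit; those files are not what Theia auto-loads.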

Mitigation Strategies

The primary mitigation step is to upgrade Eclipse Theia to version 1.71.0 or later, where this vulnerability has been fixed.

Until you can upgrade, avoid opening untrusted or malicious workspaces that may contain `.prompts/*.prompttemplate` files, as these can override AI system prompts and enable attack chains.

You may also consider auditing and removing any `.prompttemplate` files from your workspace directories to prevent automatic loading of potentially malicious prompt templates.
