CVE-2026-53597
Received Received - Intake

Code Injection in Prompty via Malicious Frontmatter

Vulnerability report for CVE-2026-53597, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Prompty is a markdown file format (.prompty) for LLM prompts. From 2.0.0-alpha.1 until 2.0.0-beta.3, the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts used gray-matter without overriding executable js and javascript frontmatter engines, allowing an attacker-controlled .prompty file with ---js frontmatter to execute arbitrary JavaScript during prompt loading. This issue is fixed in version 2.0.0-beta.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
prompty core From 2.0.0-alpha.1 (inc) to 2.0.0-beta.3 (exc)
prompty core 2.0.0-beta.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the Prompty markdown file format (.prompty) used for LLM prompts. Between versions 2.0.0-alpha.1 and 2.0.0-beta.2, the TypeScript loader in @prompty/core allowed attackers to execute arbitrary JavaScript code by including ---js frontmatter in a .prompty file. The loader used gray-matter to parse frontmatter without disabling executable JavaScript engines, enabling code injection during prompt loading.

Detection Guidance

Check if your system uses @prompty/core versions between 2.0.0-alpha.1 and 2.0.0-beta.2. Inspect .prompty files for ---js frontmatter sections that could execute JavaScript. Use commands like 'npm list @prompty/core' to verify installed versions.

Impact Analysis

If you load untrusted .prompty files using affected versions of @prompty/core, an attacker could execute arbitrary JavaScript code on your system. This could compromise the host Node.js process, potentially leading to data theft, system manipulation, or further network attacks. Users should upgrade to version 2.0.0-beta.3 or later to prevent this risk.

Compliance Impact

This vulnerability allows arbitrary JavaScript execution when loading untrusted .prompty files, which could lead to unauthorized data access, modification, or exfiltration. This may violate GDPR's data protection requirements and HIPAA's safeguards for protected health information if exploited in systems handling such data.

Mitigation Strategies

Upgrade @prompty/core to version 2.0.0-beta.3 or later. Avoid loading untrusted .prompty files. If using gray-matter, ensure executable JavaScript frontmatter engines are disabled during parsing.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53597. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart