Known Vulnerabilities for Eclipse CSI - PIA by Eclipse Foundation
Listed below are 10 of the newest known vulnerabilities associated with "Eclipse CSI - PIA" by "Eclipse Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-58465 json | Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler w... | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2026-46580 json | In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatic... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-44691 json | In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-44688 json | In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prom... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-27509 json | Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) do not implement DDS authentication or authorization f... | Not Provided | 2026-02-26 | 2026-05-26 |
| CVE-2026-22551 json | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP reques... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-14336 json | PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ')... | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2026-11576 json | The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use... | Not Provided | 2026-06-19 | 2026-06-22 |
| CVE-2026-10055 json | In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any ... | Not Provided | 2026-07-03 | 2026-07-03 |
| CVE-2026-10054 json | In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (... | Not Provided | 2026-07-03 | 2026-07-03 |