Known Vulnerabilities for Eclipse Theia by Eclipse Foundation
Listed below are 6 of the newest known vulnerabilities associated with "Eclipse Theia" by "Eclipse Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46580 json | In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatic... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-44691 json | In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-44688 json | In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prom... | Not Provided | 2026-06-18 | 2026-06-19 |
| CVE-2026-22551 json | In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP reques... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-10055 json | In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any ... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-10054 json | In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (... | Not Provided | 2026-07-03 | 2026-07-07 |