Description
In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.
Published: 2026-06-18
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Eclipse Theia allows custom task definitions specified in workspace files such as .theia/tasks.json or .vscode/tasks.json to be executed without enforcing workspace trust. An attacker can create a malicious repository that, when cloned and opened in Theia, will run arbitrary shell commands with the privileges of the user who opens the workspace. This constitutes a high‑severity remote code execution vulnerability with full control over the system on which Theia is running.

Affected Systems

The flaw exists in all Eclipse Theia releases earlier than version 1.69.0. Any user who opens a workspace containing a malicious .theia or .vscode tasks file from an untrusted source is susceptible. The issue is triggered automatically when the user receives a message in the AI chat that calls a task defined in the workspace and when tool confirmation is disabled.

Risk and Exploitability

The CVSS score of 8.4 marks it as high risk. The EPSS score is not available, so the real‑world likelihood of exploitation cannot be quantified, but the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a crafted repository and, for automatic triggering, a message sent in the AI chat. If the user opens the workspace or the chat message is accepted, the attacker can execute arbitrary commands immediately.

Generated by OpenCVE AI on June 18, 2026 at 19:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Eclipse Theia to version 1.69.0 or later.
  • Configure the workspace trust setting to require explicit approval before running any custom tasks from untrusted workspaces.
  • Ensure that tool confirmation is enabled in the .theia/settings.json file to block silent task execution.
  • Limit or disable the AI chat feature that can trigger tasks automatically, or enforce a confirmation prompt before executing any task from a chat message.

Generated by OpenCVE AI on June 18, 2026 at 19:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g9jw-92q7-g7fj [Eclipse Theia] Arbitrary Command Execution via Untrusted Workspace Task Definitions
History

Thu, 18 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Eclipse
Eclipse theia
Vendors & Products Eclipse
Eclipse theia

Thu, 18 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Untrusted Workspace Task Definitions

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitrary commands with the user's privileges. In combination with AI chat features and a workspace .theia/settings.json that disabled tool confirmation, this could be triggered automatically by sending a message in the AI chat.
Weaknesses CWE-829
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published:

Updated: 2026-06-19T03:55:44.974Z

Reserved: 2026-05-22T07:47:58.165Z

Link: CVE-2026-44691

cve-icon Vulnrichment

Updated: 2026-06-18T16:08:44.662Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T20:00:14Z

Weaknesses
  • CWE-829

    Inclusion of Functionality from Untrusted Control Sphere