Impact
Eclipse Theia allows custom task definitions specified in workspace files such as .theia/tasks.json or .vscode/tasks.json to be executed without enforcing workspace trust. An attacker can create a malicious repository that, when cloned and opened in Theia, will run arbitrary shell commands with the privileges of the user who opens the workspace. This constitutes a high‑severity remote code execution vulnerability with full control over the system on which Theia is running.
Affected Systems
The flaw exists in all Eclipse Theia releases earlier than version 1.69.0. Any user who opens a workspace containing a malicious .theia or .vscode tasks file from an untrusted source is susceptible. The issue is triggered automatically when the user receives a message in the AI chat that calls a task defined in the workspace and when tool confirmation is disabled.
Risk and Exploitability
The CVSS score of 8.4 marks it as high risk. The EPSS score is not available, so the real‑world likelihood of exploitation cannot be quantified, but the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a crafted repository and, for automatic triggering, a message sent in the AI chat. If the user opens the workspace or the chat message is accepted, the attacker can execute arbitrary commands immediately.
OpenCVE Enrichment
Github GHSA