CVE-2026-22551: CWE-201: Insertion of Sensitive Information Into Sent Data in Eclipse Foundation Eclipse Theia
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.
AI Analysis
Technical Summary
CVE-2026-22551 is a vulnerability in Eclipse Theia before version 1.71.0 where the AI chat feature renders Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. An attacker leveraging prompt injection in a malicious workspace can cause the AI agent to generate image URLs that encode sensitive information from the workspace or conversation context, leading to data exfiltration. The introduction of workspace trust enforcement in version 1.71.0 mitigates this attack by disabling AI features in untrusted workspaces, preventing the exfiltration chain.
Potential Impact
Sensitive information from the workspace or conversation context can be exfiltrated to attacker-controlled servers through crafted AI responses that cause HTTP requests to arbitrary external URLs. This can lead to unauthorized disclosure of confidential data. The vulnerability requires user interaction (UI:A) and local access (AV:L) but does not require privileges or authentication. The CVSS 4.0 score is 6.7 (medium severity).
Mitigation Recommendations
Upgrade Eclipse Theia to version 1.71.0 or later, which introduces workspace trust enforcement that disables AI features in untrusted workspaces, effectively mitigating the vulnerability. No official patch or remediation level is explicitly stated beyond this version update. Until upgrading, avoid opening untrusted workspaces that could contain malicious prompt injections targeting the AI chat feature.
CVE-2026-22551: CWE-201: Insertion of Sensitive Information Into Sent Data in Eclipse Foundation Eclipse Theia
Description
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs encoding sensitive information from the workspace or conversation context, exfiltrating it to attacker-controlled servers. The workspace trust enforcement introduced in v1.71.0 mitigates the documented attack chain by disabling AI features in untrusted workspaces.
CVSS v4.0
Score 6.7medium
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-22551 is a vulnerability in Eclipse Theia before version 1.71.0 where the AI chat feature renders Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. An attacker leveraging prompt injection in a malicious workspace can cause the AI agent to generate image URLs that encode sensitive information from the workspace or conversation context, leading to data exfiltration. The introduction of workspace trust enforcement in version 1.71.0 mitigates this attack by disabling AI features in untrusted workspaces, preventing the exfiltration chain.
Potential Impact
Sensitive information from the workspace or conversation context can be exfiltrated to attacker-controlled servers through crafted AI responses that cause HTTP requests to arbitrary external URLs. This can lead to unauthorized disclosure of confidential data. The vulnerability requires user interaction (UI:A) and local access (AV:L) but does not require privileges or authentication. The CVSS 4.0 score is 6.7 (medium severity).
Mitigation Recommendations
Upgrade Eclipse Theia to version 1.71.0 or later, which introduces workspace trust enforcement that disables AI features in untrusted workspaces, effectively mitigating the vulnerability. No official patch or remediation level is explicitly stated beyond this version update. Until upgrading, avoid opening untrusted workspaces that could contain malicious prompt injections targeting the AI chat feature.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- eclipse
- Date Reserved
- 2026-05-22T07:47:58.210Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a340cacf198dc38c105917b
Added to database: 6/18/2026, 3:20:12 PM
Last enriched: 6/18/2026, 3:36:18 PM
Last updated: 6/18/2026, 6:16:41 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.