CVE-2026-44688 is a vulnerability in Eclipse Theia before version 1.71.0 involving improper neutralization of input used for large language model (LLM) prompting (CWE-1427). The AI chat agent includes workspace file and directory names in its prompt context without differentiating them from system instructions. An attacker can create adversarial directory or file names in a malicious repository that, when processed by the AI agent, result in indirect prompt injection. This can be combined with other AI chat features in untrusted workspaces to enable attack chains that lead to data exfiltration through Markdown image rendering or arbitrary command execution via task definitions. The CVSS 4.0 base score is 8.4, indicating high severity. No official patch or remediation level has been published yet.

Successful exploitation allows attackers to inject malicious instructions into the AI chat agent's prompt context by using crafted workspace file or directory names. This indirect prompt injection can lead to data exfiltration and arbitrary command execution within the affected environment. The vulnerability affects local attack vectors with low complexity but requires user interaction. It does not require privileges but has high impact on confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, avoid opening untrusted or malicious repositories in Eclipse Theia instances that use the AI chat agent feature. Limit use of AI chat features in untrusted workspaces to reduce exposure. Monitor vendor communications for updates on patches or official mitigations.