2 matches found
CVE-2026-10055
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...
CVE-2026-10055
creationtimestamp| type| source ---|---|--- 2026-07-03 11:16:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqgb2rrz72w 2026-07-03 12:00:29+00:00| seen| https://infosec.exchange/users/offseq/statuses/116855932778535722 2026-07-03 12:00:33+00:00| seen|...