42 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or...
[Eclipse Theia] Indirect Prompt Injection via Auto-Loaded Workspace Prompt Template Files in AI Chat
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...
Unsafe Dependency Resolution
Overview @theia/ai-code-completion is a Theia - AI Core Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted...
Unsafe Dependency Resolution
Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by...
Unsafe Dependency Resolution
Overview @theia/ai-core is a Theia - AI Core Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted prompt...
Unsafe Dependency Resolution
Overview @theia/ai-ide is an AI IDE Agents Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing crafted...
Unsafe Dependency Resolution
Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic loading of .prompts/.prompttemplate files in a workspace. An attacker can manipulate the AI agent's system instructions by introducing...
EUVD-2026-37899
In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...
PT-2026-50691
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description Files matching the pattern .prompts/.prompttemplate in a workspace are automatically loaded, allowing them to override or extend the AI agent's system prompts. This enables indirect prompt...
CVE-2026-44209
A flaw was found in banks. This vulnerability, known as Server-Side Template Injection SSTI, allows a remote attacker to achieve Remote Code Execution RCE on the host system. This occurs when applications using banks pass user-supplied strings directly as template arguments to the Prompt function...
CVE-2026-44209
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...
EUVD-2026-31997
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...
CVE-2026-44209
Banks prompt templating (banks) is vulnerable prior to version 2.4.2 due to an unsandboxed jinja2.Environment() when rendering prompt templates. If applications pass user-supplied strings as the template argument to Prompt(), this SSTI can lead to Remote Code Execution on the host. The issue is f...
Remote Code Execution (RCE)
LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...
GHSA-GPHH-9Q3H-JGPP banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
Summary banks = 2.4.1 uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection SSTI, which can lead to Remote Code Execution RCE on the host system. This is a...
CVE-2026-42203
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...
PT-2026-39237
Name of the Vulnerable Software and Affected Versions banks versions prior to 2.4.2 Description Server-Side Template Injection SSTI occurs when applications pass user-supplied strings directly as template arguments to the Prompt function. This happens because the software uses jinja2.Environment ...
CVE-2026-40087 LangChain has incomplete f-string validation in prompt templates
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
CVE-2026-40087
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...
CVE-2026-40087
LangChain CVE-2026-40087 affects the f-string prompt-template validation prior to versions 0.3.84 and 1.2.28. The vulnerability arises because DictPromptTemplate and ImagePromptTemplate could accept templates containing attribute access or indexing expressions and evaluate them during formatting,...