2 matches found
CVE-2026-53598
The CVE-2026-53598 issue affects Prompty (.prompty) loaders that expanded ${file:...} references in frontmatter before 2.0.0-beta.2, allowing an attacker-controlled prompt to read local files via absolute paths, .. traversal, or symlink escapes. Root cause: path confinement was not enforced durin...
CVE-2026-53597
CVE-2026-53597 affects the Prompty markdown format loader: for versions 2.0.0-alpha.1 through 2.0.0-beta.3, the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts did not override executable engines for js/frontmatter, allowing attacker-controlled .prompty file...