Lucene search
K

45 matches found

NVD
NVD
added 2026/06/23 5:16 p.m.7 views

CVE-2026-12958

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:3 p.m.28 views

CVE-2026-12958 Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.7 views

PT-2026-51548

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.69.0 Description Missing symlink validation may allow an arbitrary file write outside of the workspace trust boundary. This occurs when a local user opens a workspace containing a maliciously crafte...

8.5CVSS5.9AI score0.00142EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51547

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.65.0 Description Improper trust boundary enforcement in the Model Context Protocol MCP server configurations within Amazon Q Developer allows for arbitrary code execution. If a local user opens a...

8.5CVSS6.4AI score0.00118EPSS
Exploits0References20
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-49241

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

8.8CVSS0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:16 p.m.32 views

CVE-2026-49241 Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Service VS Code extension reads the custom TypeScript SDK paths typescript.tsdk and js/ts.tsdk.path directly from workspace configurations...

8.7CVSS0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51337

Name of the Vulnerable Software and Affected Versions Angular Language Service VS Code Extension versions prior to 21.2.4 Description The client-side extension reads custom TypeScript SDK paths from workspace configurations in .vscode/settings.json without verifying the VS Code Workspace Trust...

8.8CVSS5.9AI score0.00154EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/18 6:35 p.m.10 views

[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

6.7CVSS6AI score0.00181EPSS
Exploits0References6Affected Software7
NVD
NVD
added 2026/06/18 4:16 p.m.8 views

CVE-2026-22551

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

6.7CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:35 p.m.11 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.7AI score0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 2:35 p.m.20 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 2:32 p.m.8 views

EUVD-2026-37900

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

6.7CVSS5.4AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 2:32 p.m.15 views

CVE-2026-22551

Eclipse Theia versions before 1.71.0 are affected: the AI chat could render Markdown image tags from AI responses, causing HTTP requests to arbitrary external URLs. In combination with a malicious workspace via prompt injection, an attacker could coax the AI agent to construct image URLs that lea...

6.7CVSS5.5AI score0.00181EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50688

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat renders Markdown image tags from AI responses, which triggers unrestricted HTTP requests to arbitrary external URLs. When combined with prompt injection in a malicious workspace, a...

6.7CVSS6AI score0.00181EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/11 4:39 a.m.55 views

claude-code-f002-poc

F002: Supply Chain Attack via Non-Interactive Workspace Trust...

6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/24 7:30 p.m.51 views

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...

6.5AI score
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/03/20 8:17 a.m.28 views

CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

7.7CVSS0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 8:17 a.m.5 views

CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

7.7CVSS6AI score0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 8:17 a.m.2 views

CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

7.7CVSS5.9AI score0.00337EPSS
Exploits0References1
CVE
CVE
added 2026/03/20 8:17 a.m.541 views

CVE-2026-33068

CVE-2026-33068 affects Claude Code. Versions prior to 2.1.53 could bypass the workspace trust dialog by using permissions.defaultMode set to bypassPermissions in the repo-controlled .claude/settings.json, allowing silent trust mode on first open and enabling tool execution without user consent. T...

8.8CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder