CVE-2026-1699 | Eclipse Theia preview.yml pull_request_target inclusion of functionality from untrusted control sphere (Issue 332)

Inserito da Angelo Barbosa | Gen 30, 2026 | CVE

A vulnerability described as critical has been identified in Eclipse Theia. This affects the function pull_request_target of the file github/workflows/preview.yml. The manipulation results in inclusion of functionality from untrusted control sphere.

This vulnerability was named CVE-2026-1699. The attack may be performed from remote. There is no available exploit.

Applying a patch is advised to resolve this issue.

CVE-2026-1699 | Eclipse Theia preview.yml pull_request_target inclusion of functionality from untrusted control sphere (Issue 332)

Post correlati

CVE-2025-21207 | Microsoft

CVE-2023-43518 | Qualcomm 4 Gen 1 Mobile Platform Video memory corruption

CVE-2025-1571 | timstrifler Exclusive Addons for Elementor Plugin up to 2.7.6 on WordPress Image Comparison Widget cross site scripting

CVE-2023-6717 | Keycloak SAML cross site scripting