What happened
In Eclipse Theia versions prior to 1.71.0 (CVSS 8.4 HIGH, NVD June 18, 2026), files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker can craft a malicious repository containing prompt template files that, when the workspace is opened, silently replace or augment the AI agent's system instructions with attacker-controlled content.
Why it matters
System prompt override is among the most severe agentic attack primitives: it allows an attacker to redefine the AI agent's behaviour, goals, and constraints entirely. A developer opening a malicious repository could have their AI coding assistant silently re-programmed to exfiltrate code, submit malicious commits, or provide backdoored suggestions — with no visible indication of compromise.
Attack vector
Attacker plants .prompts/*.prompttemplate files in a repository. When a developer opens the repository in Theia, the prompt templates are automatically loaded and override or extend the AI agent's system prompts, redirecting agent behaviour.
Affected systems
Eclipse Theia < 1.71.0
Mitigation
Upgrade to Eclipse Theia 1.71.0 or later. See CVE assignment: https://gitlab.eclipse.org/security/cve-assignment/-/work_items/114