What happened
In Eclipse Theia versions prior to 1.69.0 (CVSS 8.4 HIGH, NVD June 18, 2026), custom task definitions in workspace files (.theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker can craft a malicious repository that, when cloned and opened in Theia, leads to automatic execution of arbitrary commands on the developer's machine without any trust confirmation prompt.
Why it matters
This is a repository-as-RCE vector affecting AI-enhanced developer workflows: in environments where AI agents auto-run tasks or developers routinely execute workspace-defined tasks in AI-assisted coding sessions, a single git clone of a malicious repository achieves code execution with no further interaction required.
Attack vector
An attacker crafts a .theia/tasks.json or .vscode/tasks.json containing malicious command definitions. When a developer clones the repository and opens it in Theia, the task definitions execute without workspace trust being enforced, running the attacker's commands on the developer's machine.
Affected systems
Eclipse Theia < 1.69.0
Mitigation
Upgrade to Eclipse Theia 1.69.0 or later. See CVE assignment: https://gitlab.eclipse.org/security/cve-assignment/-/work_items/116
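Alongside the upgrade, a defender-side pre-open audit of a freshly cloned repository, added here as an example and not code from the advisory or the Theia project: it lists every command-bearing task in the two workspace files named above, tolerates the JSON-with-comments syntax those files use, and flags tasks whose runOptions.runOn is "folderOpen" (the VS Code tasks.json key for tasks that start when the folder opens; treating that key as the auto-run path is an assumption of this example). The sample tasks.json is constructed.

```python
import json
import re
import sys
from pathlib import Path

# Workspace task files named in the advisory, relative to the repository root.
TASK_FILES = (".theia/tasks.json", ".vscode/tasks.json")
# Per-platform override keys in the VS Code tasks.json schema; each may carry its own "command".
PLATFORM_KEYS = ("windows", "linux", "osx")

# Matches, in order: a JSON string literal, a // comment, a /* */ comment, or a trailing comma.
_JSONC_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/|,(?=\s*[}\]])', re.S)

def strip_jsonc(text: str) -> str:
    """tasks.json is JSON-with-comments; drop comments and trailing commas, keep strings intact."""
    return _JSONC_RE.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def task_command(task: dict):
    """Return the command a task would spawn, checking per-platform overrides as well."""
    if "command" in task:
        return task["command"]
    for key in PLATFORM_KEYS:
        override = task.get(key)
        if isinstance(override, dict) and "command" in override:
            return override["command"]
    return None

def audit_tasks_text(text: str, source: str) -> list:
    """List every task that spawns a command, flagging those configured to run on folder open."""
    findings = []
    for task in json.loads(strip_jsonc(text)).get("tasks", []):
        command = task_command(task)
        if command is None:
            continue  # no command of its own, nothing to spawn
        run_on = (task.get("runOptions") or {}).get("runOn")
        findings.append({"source": source, "label": task.get("label", "<unlabelled>"),
                         "type": task.get("type", "<unset>"), "command": command,
                         "auto_run": run_on == "folderOpen"})
    return findings

def audit_repo(root: Path) -> list:
    """Audit both workspace task files under a cloned repository root, if present."""
    findings = []
    for rel in TASK_FILES:
        path = root / rel
        if path.is_file():
            findings += audit_tasks_text(path.read_text(encoding="utf-8"), rel)
    return findings

# Constructed sample (not from any real repository): a comment, a trailing comma, and one
# task configured to start as soon as the folder is opened.
SAMPLE_TASKS_JSON = r'''{
  "version": "2.0.0",  // schema version
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build", },
    { "label": "on-open", "type": "shell", "command": "echo opened",
      "runOptions": { "runOn": "folderOpen" } }
  ]
}'''

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    for f in (audit_repo(root) if root else audit_tasks_text(SAMPLE_TASKS_JSON, "sample")):
        print(("AUTO-RUN " if f["auto_run"] else "") + f'{f["source"]}: [{f["label"]}] {f["command"]}')
```

Run it with a repository path as the only argument to audit a real clone before opening it in the IDE; with no argument it audits the embedded sample.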