8.5
CVE-2026-10055
- EPSS 0.3%
- Veröffentlicht 03.07.2026 10:30:57
- Zuletzt bearbeitet 06.07.2026 18:56:27
- Quelle emo@eclipse.org
- CVE-Watchlists
- Unerledigt
In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the destination URL is neither validated nor allowlisted, a remote attacker with access to the Theia service connection can issue server-side HTTP requests to localhost or other backend-reachable hosts and read their responses, exposing internal administrative endpoints, cloud instance metadata services, and other resources that are intentionally outside the browser network boundary. The vulnerability affects deployments where the Theia service connection is reachable by untrusted users (for example, multi-tenant or publicly-reachable Theia deployments).
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerEclipse Foundation
≫
Produkt
Eclipse Theia
Default Statusunaffected
Version
1.26.0
Version <
1.73.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.214 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| emo@eclipse.org | 8.5 | 3.1 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://github.com/eclipse-theia/theia/security/advisories/GHSA-2m57-xxmh-v696
https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/446