NVD Vulnerability Details: CVE-2026-10055
Received
Source: emo@eclipse.org
Published At: 03 Jul, 2026 | 11:16
Updated At: 03 Jul, 2026 | 11:16

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the destination URL is neither validated nor allowlisted, a remote attacker with access to the Theia service connection can issue server-side HTTP requests to localhost or other backend-reachable hosts and read their responses, exposing internal administrative endpoints, cloud instance metadata services, and other resources that are intentionally outside the browser network boundary. The vulnerability affects deployments where the Theia service connection is reachable by untrusted users (for example, multi-tenant or publicly-reachable Theia deployments).
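
The description says the destination URL is neither validated nor allowlisted. The block below is an added example of such a check, not code from the advisory or from Theia; the function names and the allowlisted hosts are constructed for illustration.

```javascript
// Added example: destination check for a server-side fetch helper.
// Hypothetical names throughout; this is not Theia's request-service code.

// Constructed allowlist: the only hosts the backend may contact for clients.
const ALLOWED_HOSTS = new Set(['plugins.example.com', 'registry.example.com']);

// True for dotted-quad IPv4 addresses that sit behind the network boundary.
function isInternalIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||   // "this host", private, loopback
    (a === 169 && b === 254) ||                // link-local, incl. cloud metadata
    (a === 172 && b >= 16 && b <= 31) ||       // private
    (a === 192 && b === 168);                  // private
}

// Returns { ok, reason }. Deny by default: only allowlisted http(s) hosts pass.
function checkDestination(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  // The WHATWG parser has already lowercased the host and rewritten numeric
  // IPv4 spellings (decimal, hex, octal) to dotted-quad form, so compare
  // against url.hostname, never against the raw string.
  const host = url.hostname.replace(/\.$/, '');
  if (host.startsWith('[')) return { ok: false, reason: 'ipv6-literal' };
  if (isInternalIPv4(host) || host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'internal-address' };
  }
  if (!allowedHosts.has(host)) return { ok: false, reason: 'not-allowlisted' };
  return { ok: true, reason: 'allowed' };
}
```

A check on the submitted URL covers only the name as written; the address that name resolves to and any redirect target need the same test before the request is sent.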

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CPE Matches

Weaknesses
CWE ID: CWE-200
Type: Primary
Source: emo@eclipse.org
CWE ID: CWE-918
Type: Primary
Source: emo@eclipse.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://github.com/eclipse-theia/theia/security/advisories/GHSA-2m57-xxmh-v696
Source: emo@eclipse.org
Resource: N/A
Hyperlink: https://gitlab.eclipse.org/security/vulnerability-reports/-/work_items/446
Source: emo@eclipse.org
Resource: N/A
Change History
0 Changes found

Details not found