CVE-2026-1699

{"id": "CVE-2026-1699", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-01-30T10:15:56.617", "references": [{"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/332", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-829"}]}], "descriptions": [{"lang": "en", "value": "In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository."}, {"lang": "es", "value": "En el repositorio de Eclipse Theia Website, el flujo de trabajo de GitHub Actions .github/workflows/preview.yml utiliz\u00f3 el disparador pull_request_target mientras extra\u00eda y ejecutaba c\u00f3digo de solicitud de extracci\u00f3n no confiable. Esto permiti\u00f3 a cualquier usuario de GitHub ejecutar c\u00f3digo arbitrario en el entorno de CI del repositorio con acceso a secretos del repositorio y un GITHUB_TOKEN con amplios permisos de escritura (contents:write, packages:write, pages:write, actions:write). Un atacante podr\u00eda exfiltrar secretos, publicar paquetes maliciosos en la organizaci\u00f3n eclipse-theia, modificar el sitio web oficial de Theia y enviar c\u00f3digo malicioso al repositorio."}], "lastModified": "2026-03-10T18:23:17.930", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:theia_website:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9712F17D-952F-44AE-931E-8C2491E4C1C7", "versionEndExcluding": "2026-01-22"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}