
CVE-2026-1699

Critical · Public PoC

Published: 30 January 2026
Modified: 10 March 2026
CVSS Score (v3.1): 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0050 (39.1th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-1699 is a critical-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Eclipse Theia Website. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002). EPSS ranks the vulnerability at the 39.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2026-1699 is a critical vulnerability (CVSS 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) affecting the Eclipse Theia Website repository. The issue resides in the GitHub Actions workflow file .github/workflows/preview.yml, which uses the pull_request_target trigger while checking out and executing untrusted pull request code. This misconfiguration, tied to CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), exposes the CI environment to arbitrary code execution.

Any GitHub user can exploit this vulnerability by submitting a malicious pull request, triggering the workflow to run untrusted code with elevated privileges. The code executes in the repository's CI environment, gaining access to repository secrets and a GITHUB_TOKEN with broad write permissions (contents:write, packages:write, pages:write, actions:write). Successful exploitation allows attackers to exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code directly to the repository.

Mitigation details are documented in the Eclipse security advisory at https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/332, published on 2026-01-30.
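As an added illustration of the misconfiguration pattern described above (this is not code from the advisory, the Theia project, or this page), the following Python heuristic flags a workflow that combines the pull_request_target trigger with a checkout of the pull request head and a step that executes that checkout, and also reports a missing top-level permissions block, which is where GITHUB_TOKEN scope is constrained. The two sample workflows are constructed for the example and are not the real preview.yml.

```python
import re
# Expressions that resolve to the pull request head, i.e. code the PR author controls.
UNTRUSTED_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")
TRIGGER = re.compile(r"^(on:.*\b|\s*-?\s*)pull_request_target\b")
CHECKOUT = re.compile(r"^\s*-?\s*uses:\s*actions/checkout")
STEP_START = re.compile(r"^\s*-\s")

def find_pwn_request(workflow_text: str) -> list[str]:
    """Flag pull_request_target + checkout of the PR head + a step that runs it (line-based heuristic)."""
    lines = workflow_text.splitlines()
    findings: list[str] = []
    if not any(TRIGGER.match(line) for line in lines):
        return findings  # plain pull_request runs get a read-only token and no secrets
    checkout_at = None
    for i, line in enumerate(lines):
        if checkout_at is None and CHECKOUT.match(line):
            j = i + 1  # inspect this step's `with:` block for a ref pointing at the PR head
            while j < len(lines) and not STEP_START.match(lines[j]):
                if "ref:" in lines[j] and UNTRUSTED_REF.search(lines[j]):
                    checkout_at = j + 1
                    findings.append(f"line {j + 1}: checks out untrusted PR head under pull_request_target")
                    break
                j += 1
        elif checkout_at is not None and re.match(r"^\s*-?\s*run:", line):
            findings.append(f"line {i + 1}: run step executes files from the untrusted checkout")
            break
    if not any(line.startswith("permissions:") for line in lines):
        findings.append("no top-level permissions block: GITHUB_TOKEN keeps the repository default")
    return findings

# Constructed samples modelled on the advisory's description, not the real preview.yml.
VULNERABLE = """\
on: pull_request_target
jobs:
  preview:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm run build   # package.json scripts come from the PR
"""
HARDENED = """\
on: pull_request
permissions:
  contents: read
jobs:
  preview:
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
"""
```

Running `find_pwn_request(VULNERABLE)` yields three findings (untrusted checkout, a run step after it, and no permissions block), while the hardened workflow yields none.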


Vulnerability details

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used the pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to repository secrets and a GITHUB_TOKEN with extensive write permissions (contents:write, packages:write, pages:write, actions:write). An attacker could exfiltrate secrets, publish malicious packages to the eclipse-theia organization, modify the official Theia website, and push malicious code to the repository.


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1195.002 Compromise Software Supply Chain (Initial Access): Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
- T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

The vulnerability directly enables supply-chain compromise through execution of malicious pull request code in CI (T1195.002), arbitrary command execution (T1059), and credential/secret exfiltration (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-2586 (same vendor: Eclipse)
- CVE-2026-2587 (same vendor: Eclipse)
- CVE-2026-24457 (same vendor: Eclipse)
- CVE-2026-5795 (same vendor: Eclipse)
- CVE-2025-0728 (same vendor: Eclipse)
- CVE-2025-1471 (same vendor: Eclipse)
- CVE-2025-67109 (same vendor: Eclipse)
- CVE-2026-22886 (same vendor: Eclipse)
- CVE-2025-55102 (same vendor: Eclipse)
- CVE-2025-55100 (same vendor: Eclipse)

Affected Assets

Vendor: eclipse
Product: theia website
Affected versions: ≤ 2026-01-22

Mitigating Controls (NIST 800-53 r5)

- prevent: Requires establishment and enforcement of secure configuration settings for GitHub Actions workflows to prevent use of the pull_request_target trigger with untrusted code execution.
- prevent: Enforces least privilege on GITHUB_TOKEN permissions in CI environments, limiting damage from arbitrary code execution by restricting write access to contents, packages, pages, and actions.
- prevent: Restricts modifications to configuration-controlled workflow files like preview.yml to authorized roles, preventing introduction or persistence of vulnerable trigger configurations.
