CVE-2026-22661
Published: 03 April 2026
Summary
CVE-2026-22661 is a high-severity Path Traversal (CWE-22) vulnerability in Fka Prompts.Chat. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 28.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2026-22661 is a path traversal vulnerability (CWE-22) affecting prompts.chat prior to commit 0f8d4c3, specifically in its skill file handling mechanism. The issue stems from inadequate server-side filename validation when processing ZIP archives, allowing attackers to embed path traversal sequences such as "../" in filenames. When these malicious archives are extracted by client-side tools, files can be written outside the intended directory, enabling arbitrary file writes on the victim's system. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), indicating high severity due to its potential for confidentiality and integrity impacts.
Remote, unauthenticated attackers can exploit this vulnerability by crafting and distributing malicious ZIP archives disguised as legitimate skill files. Victims must interact by downloading and extracting the archive, at which point the traversal sequences bypass directory restrictions, allowing files to be written to sensitive locations like shell initialization files (e.g., .bashrc or .profile). Successful exploitation leads to code execution on the client system, as the overwritten files can inject arbitrary commands executed upon user shell sessions.
Mitigation involves updating prompts.chat to commit 0f8d4c3 or later, as detailed in the project's GitHub commit (0f8d4c381abd7b2d7478c9fdee9522149c2d65e5) and pull request #1101, which presumably introduce proper filename sanitization. Additional guidance is available in the VulnCheck advisory on prompts.chat path traversal via skill file handling.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-18821
Vulnerability details
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences (../) into skill file archives, which, when extracted by vulnerable tools, write files outside the intended directory and overwrite shell initialization files to achieve code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Malicious ZIP delivery triggers user extraction (T1204.002); path traversal enables writes to shell init files like .bashrc for execution (T1546.004).
Mitigating Controls (NIST 800-53 r5)
- Directly requires validation of untrusted input (ZIP filenames) to reject path traversal sequences such as '../' before extraction occurs.
- Provides mechanisms to scan, detect, and block malicious archives that attempt arbitrary file writes via crafted skill-file ZIPs.
- Requires integrity verification of files and software to stop unauthorized overwrites of sensitive files (e.g., shell init scripts) resulting from the path traversal.
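As an added illustration of the input-validation control above (example code written for this page, not the prompts.chat fix in commit 0f8d4c3 or any code from the project): a Python check that inspects ZIP entry names before anything is extracted and rejects every entry that would resolve outside the destination directory. The destination path and the sample archive, including its traversal entry, are constructed for the demonstration.

```python
import io
import os
import zipfile
from pathlib import PurePosixPath


def is_safe_member(name: str, dest_dir: str) -> bool:
    """Return True only if the archive entry resolves to a path inside dest_dir."""
    # Reject empty names, absolute paths and Windows drive-letter prefixes outright.
    if not name or name.startswith(("/", "\\")) or ":" in name.split("/")[0]:
        return False
    # Some extractors treat backslashes as separators, so normalise them first.
    normalised = name.replace("\\", "/")
    if ".." in PurePosixPath(normalised).parts:
        return False
    dest = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest, normalised))
    # Final check: the resolved target must be dest itself or lie beneath it.
    return target == dest or target.startswith(dest + os.sep)


def validate_archive(data: bytes, dest_dir: str) -> list[str]:
    """Return the entry names that would escape dest_dir; an empty list means safe."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if not is_safe_member(n, dest_dir)]


def build_sample_archive() -> bytes:
    """Constructed sample: one benign skill file plus one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my-skill/SKILL.md", "# demo skill\n")
        zf.writestr("../.bashrc", "# placeholder content for the demo\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Validation runs over the central directory only; nothing is written to disk.
    print("rejected entries:", validate_archive(build_sample_archive(), "/tmp/skills"))
```

Run the validator over the whole entry list and refuse the archive if it returns anything, rather than skipping individual entries, so a single crafted name causes the download to be rejected as a unit.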