CVE-2026-22661

Source
https://cve.org/CVERecord?id=CVE-2026-22661
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22661.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-22661
Published
2026-04-03T20:26:29.340Z
Modified
2026-07-08T08:12:44.435297524Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
prompts.chat Path Traversal via Skill File Handling
Details

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools writing files outside the intended directory and overwriting shell initialization files to achieve code execution.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "0f8d4c381abd7b2d7478c9fdee9522149c2d65e5"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22661.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/f/prompts.chat

Affected ranges

Type
GIT
Repo
https://github.com/f/prompts.chat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22661.json"