PatchSiren cyber security CVE debrief
CVE-2026-22661 f CVE debrief
A path traversal vulnerability in prompts.chat prior to commit 0f8d4c3 allows attackers to write arbitrary files to client systems via malicious ZIP archives containing unsanitized path traversal sequences. The vulnerability stems from missing server-side filename validation during skill file extraction, enabling directory escape and potential code execution through shell initialization file overwrite.
- Vendor
- f
- Product
- prompts.chat
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-03
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-04-03
- Advisory updated
- 2026-05-26
Who should care
Organizations and individuals using prompts.chat for AI prompt management, particularly those importing skill files from untrusted sources. Security teams responsible for supply chain security of development tools and prompt engineering platforms. Developers building similar file extraction functionality in applications handling user-supplied archives.
Technical summary
The prompts.chat application fails to sanitize filenames within ZIP archives during skill file extraction. Attackers can craft malicious archives containing path traversal sequences (../) that escape the intended extraction directory when processed by vulnerable tools. This enables arbitrary file writes to sensitive locations including shell initialization files, potentially achieving code execution on affected systems. The vulnerability requires user interaction to import a malicious skill file but carries high impact due to confidentiality and integrity compromise of the client system.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to prompts.chat commit 0f8d4c3 or later, which contains the security patch
- Validate and sanitize all filenames extracted from ZIP archives before writing to filesystem
- Implement path canonicalization to resolve and verify extracted file paths against intended destination directory
- Restrict file extraction to whitelisted file types and extensions
- Apply principle of least privilege to file system operations in skill file handling components
- Monitor for suspicious file write operations outside designated directories
- Review and audit skill file import functionality for additional path traversal vectors
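The canonicalization and whitelist checks recommended above, as an added illustration that is not prompts.chat's own code: a constructed archive with one benign skill file and one traversal entry is run through a naive join (the unsafe pattern) and through an extractor that resolves each member against the destination before writing. The function names, the `.md/.json/.txt` whitelist and the sample entries are assumptions for the example.

```python
import io
import os
import zipfile
from pathlib import Path, PurePosixPath
from typing import Optional

ALLOWED_SUFFIXES = (".md", ".json", ".txt")  # assumed whitelist for skill files


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign skill file plus one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skill/SKILL.md", "# demo skill\n")
        zf.writestr("../../.bashrc", "# constructed hostile entry\n")
    return buf.getvalue()


def naive_target(dest: Path, member_name: str) -> Path:
    """The unsafe pattern: join the archive name onto dest with no containment check."""
    return Path(os.path.normpath(os.path.join(str(dest), member_name)))


def resolve_member_path(dest: Path, member_name: str) -> Optional[Path]:
    """Canonical target for a member, or None if it would escape dest."""
    dest = dest.resolve()
    if PurePosixPath(member_name).is_absolute() or ":" in member_name.split("/")[0]:
        return None  # absolute POSIX path or Windows drive prefix
    target = (dest / member_name).resolve()  # collapses ../ and follows symlinks
    if target == dest or not target.is_relative_to(dest):
        return None
    return target


def extract_skill_archive(data: bytes, dest: Path) -> dict:
    """Write only members whose canonical path stays inside dest and whose type is allowed."""
    dest = dest.resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = resolve_member_path(dest, info.filename)
            if target is None or target.suffix.lower() not in ALLOWED_SUFFIXES:
                rejected.append(info.filename)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(dest).as_posix())
    return {"written": written, "rejected": rejected}
```

Logging the `rejected` list from a real import path gives the monitoring signal for out-of-directory write attempts mentioned above.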
Evidence notes
NVD records this as a modified vulnerability with CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N. The vulnerability was disclosed via [email protected] with patch commit 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5. CPE criteria indicate affected versions prior to 2026-03-25. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) is the identified weakness.
Official resources
- CVE-2026-22661 CVE record (CVE.org)
- CVE-2026-22661 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Issue Tracking, Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory
2026-04-03