PatchSiren cyber security CVE debrief
CVE-2026-53597 microsoft CVE debrief
CVE-2026-53597 is a high-severity vulnerability in Prompty, a markdown file format for LLM prompts. The vulnerability allows an attacker to execute arbitrary JavaScript during prompt loading due to the @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts using gray-matter without overriding executable js and javascript frontmatter engines. This issue was fixed in version 2.0.0-beta.3. Affected users should review and validate user-controlled .prompty files and implement additional security measures to prevent arbitrary JavaScript execution.
- Vendor
- microsoft
- Product
- prompty
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Developers and users of Prompty, especially those using versions between 2.0.0-alpha.1 and 2.0.0-beta.3, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and validating user-controlled .prompty files and implementing additional security measures to prevent arbitrary JavaScript execution.
Technical summary
The @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts used gray-matter without overriding executable js and javascript frontmatter engines. This allowed an attacker-controlled .prompty file with ---js frontmatter to execute arbitrary JavaScript during prompt loading. The vulnerability was fixed in version 2.0.0-beta.3. Developers and users of Prompty should be aware of this vulnerability and take steps to mitigate it.
Defensive priority
High
Recommended defensive actions
- Update to version 2.0.0-beta.3 or later
- Review and validate user-controlled .prompty files
- Implement additional security measures to prevent arbitrary JavaScript execution
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-16T16:19:12.860Z and last modified on 2026-07-16T17:18:15.407Z. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The @prompty/core TypeScript loader in runtime/typescript/packages/core/src/core/loader.ts used gray-matter without overriding executable js and javascript frontmatter engines, allowing an attacker-controlled .prompty file with ---js frontmatter to execute arbitrary JavaScript during prompt loading.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T16:19:12.860Z and has not been modified since then. The NVD entry is currently Deferred.