Platform: nodejs
Component: prompts-chat
Fixed in: 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5
CVE-2026-22661 describes a path traversal vulnerability discovered in prompts.chat, a Node.js application. Insufficient filename validation during skill file handling allows an attacker to write arbitrary files to the client system. All versions prior to commit 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5 are affected; the fix is contained in that commit.
The vulnerability lies in how prompts.chat handles skill files, which are likely used to extend the application's functionality. An attacker can craft a malicious ZIP archive whose entries carry filenames containing path traversal sequences (e.g., ../). When the application extracts such an archive, it writes the files outside the intended directory. This could allow an attacker to overwrite critical system files, such as shell initialization files (e.g., .bashrc, .zshrc), leading to remote code execution. The impact is significant, as successful exploitation could grant the attacker complete control over the client system where prompts.chat is running. This is particularly concerning if prompts.chat is deployed in a server environment or used to process user-supplied data.
CVE-2026-22661 was publicly disclosed on 2026-04-03. There is no indication of this vulnerability being actively exploited at this time. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 8.1 (HIGH) indicates a significant potential for exploitation if the vulnerability is exposed and accessible.
Exploit Status
EPSS: 0.03% (10th percentile)
The primary mitigation is to upgrade to version 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. One approach is to implement strict filename validation on the server side before extracting ZIP archives: sanitize entry names to remove or reject any path traversal sequences (e.g., ../, ./), and verify that every resolved destination path still lies inside the intended extraction directory. Another option is to restrict the directories where skill files can be extracted to a tightly controlled sandbox. Monitor system files for unexpected modifications, particularly shell initialization files. After upgrading, confirm the fix by attempting to upload a ZIP archive containing a malicious skill file with a path traversal sequence in its filename; the application should reject the upload or extract the file to the expected location.
Update to version 0.0.0 or later, which fixes the path traversal vulnerability. This involves updating the 'prompts.chat' package to the latest version available in the GitHub repository.
CVE-2026-22661 is a path traversal vulnerability in prompts.chat that allows attackers to write arbitrary files, potentially leading to code execution. It affects versions prior to 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5.
You are affected if you are using prompts.chat versions 0.0.0–0f8d4c381abd7b2d7478c9fdee9522149c2d65e5 and accept skill files from untrusted sources.
Upgrade to version 0f8d4c381abd7b2d7478c9fdee9522149c2d65e5 or implement strict filename validation on the server side.
There is currently no indication that CVE-2026-22661 is being actively exploited.
Refer to the prompts.chat project repository for the latest security advisories and updates.