DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-53597: CVE-2026-53597: Remote Code Execution in Microsoft prompty via Insecure gray-matter Parsing

CVE-2026-53597: Remote Code Execution in Microsoft prompty via Insecure gray-matter Parsing

Vulnerability ID: CVE-2026-53597
CVSS Score: 8.7
Published: 2026-07-17

CVE-2026-53597 is a high-severity code injection vulnerability in Microsoft's prompty library, specifically affecting the TypeScript loader (@prompty/core). Due to an insecure default configuration in the underlying gray-matter metadata parser, processing untrusted prompt files containing executable JavaScript blocks inside the frontmatter results in arbitrary remote code execution within the security context of the parent Node.js process.

TL;DR

Unauthenticated remote code execution via malicious .prompty frontmatter blocks that trigger evaluation in gray-matter.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-94: Improper Control of Generation of Code ('Code Injection')
  • Attack Vector: Network (with User Interaction)
  • CVSS v4.0: 8.7 (High)
  • EPSS Score: 0.0093 (Percentile: 56.62%)
  • Exploit Status: Proof of Concept (PoC) available
  • KEV Status: Not Listed

Affected Systems

  • Applications utilizing the @prompty/core TypeScript package to parse prompt files
  • Node.js execution runtimes hosting prompty loading capabilities
  • Prompt engineering and automated agent deployment environments using vulnerable prompty loaders
  • @prompty/core: >= 2.0.0-alpha.1, < 2.0.0-beta.3 (Fixed in: 2.0.0-beta.3)

Code Analysis

Commit: c27402d

Fix RCE flaw in TypeScript loader by explicitly overriding default gray-matter executable engines

@@ -79,7 +79,12 @@ export function defaultSaveContext(

 function buildAgent(raw: string, filePath: string, options: LoadOptions): Prompty {
   // 1. Split frontmatter + body
-  const { data, content } = matter(raw);
+  const { data, content } = matter(raw, {
+    engines: {
+      js: { parse: rejectExecutableFrontmatter },
+      javascript: { parse: rejectExecutableFrontmatter },
+    },
+  });
Enter fullscreen mode Exit fullscreen mode

Exploit Details

Mitigation Strategies

  • Upgrade @prompty/core to version 2.0.0-beta.3 or later
  • Implement raw file scanners to reject files with ---js or ---javascript frontmatter tags
  • Enforce least-privilege principles for Node.js execution containers
  • Limit runtime container network egress to authorized destinations only

Remediation Steps:

  1. Identify all projects referencing the npm package @prompty/core
  2. Run 'npm install @prompty/core@2.0.0-beta.3' or modify the package.json to pin the secure version
  3. Run 'npm audit' to verify that no vulnerable transitive dependencies remain in the dependency tree
  4. Deploy the static analysis YARA rule in CI/CD pipeline uploads to intercept malicious templates

References


Read the full report for CVE-2026-53597 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)