"Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or perform server-side request forgery (SSRF) attacks against servers hosting AI applications. Chainlit is a framework for creating conversational chatbots. According to statistics shared by the Python Software Foundation, the package has been downloaded over 220,000 times over the past week. It has attracted a total of 7.3 million downloads to date."
"CVE-2026-22218 (CVSS score: 7.1) - An arbitrary file read vulnerability in the "/project/element" update flow that allows an authenticated attacker to access the contents of any file readable by the service into their own session due to a lack of validation of user-controller fields CVE-2026-22219 (CVSS score: 8.3) - An SSRF vulnerability in the "/project/element" update flow when configured with the SQLAlchemy data layer backend that allows an attacker to make arbitrary HTTP requests to internal network services or cloud metadata endpoints from the Chainlit server and store the retrieved responses"
Two high-severity vulnerabilities in the Chainlit open-source chatbot framework allow authenticated attackers to read arbitrary files and perform SSRF when the SQLAlchemy backend is configured. CVE-2026-22218 permits arbitrary file reads in the "/project/element" update flow by failing to validate user-controller fields, exposing any file readable by the service. CVE-2026-22219 enables SSRF in the same update flow with SQLAlchemy, allowing arbitrary HTTP requests to internal services or cloud metadata endpoints and storing responses. Combined exploitation can leak cloud environment API keys, steal sensitive files, enable privilege escalation, and facilitate lateral movement within affected environments.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]