CVE-2026-56104 Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVE-2026-56104 Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

EUVD-2026-38285

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVE-2026-56104

CVE-2026-56104 affects Chainlit prior to 2.10.1. A session-hijacking flaw lets unauthenticated attackers restore and inherit an authenticated user session by presenting a valid sessionId during WebSocket session restoration, without ownership verification. The attacker can exploit the restore_exi...

GHSA-QWGJ-RRPJ-75XM PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution

Summary The Chainlit UI modules chat.py and code.py hardcode config.approvalmode = "auto" after loading administrator configuration from the PRAISONAPPROVALMODE environment variable, silently overriding any "manual" or "scoped" approval setting. This defeats the human-in-the-loop approval gate fo...

PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution

Summary The Chainlit UI modules chat.py and code.py hardcode config.approvalmode = "auto" after loading administrator configuration from the PRAISONAPPROVALMODE environment variable, silently overriding any "manual" or "scoped" approval setting. This defeats the human-in-the-loop approval gate fo...

Server-Side Request Forgery (SSRF)

Chainlit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to fetching attacker-controlled URLs during element updates, where the SQLAlchemy data layer performs outbound HTTP GET requests on user-supplied url values, allowing authenticated attackers to access internal...

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Security vulnerabilities were uncovered in the popular open-source artificial intelligence AI framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively...

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +45 more potentially affected by CVE-2026-22219 via chainlit (>=1.0.0 <=2.6.3)

chainlit PYPI version =1.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.2 and more Source cves: CVE-2026-22219 Source advisory: OSV:GHSA-2G59-M95P-PGFQ...

Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

GHSA-2G59-M95P-PGFQ Chainlit contain a server-side request forgery (SSRF) vulnerability

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVE-2026-22219

Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

Chainlit code issue vulnerabilities

Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained code vulnerabilities. These vulnerabilities stemmed from improper handling of URL parameters during the update process for projects/elements, which could lead t...

Chainlit path traversal vulnerability

Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of path parameters during the update process for /project/element, potentially...

agentengine-sdk-python (>=0.2.0 <=0.4.0), agentic-chat-ui (>=0.1.0 <=0.2.4) +42 more potentially affected by CVE-2026-22219 via chainlit (>=2.0.0 <=2.6.3)

chainlit PYPI version =2.0.0, =0.2.0, =0.1.0, =0.3.0, =0.0.3, =0.14.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.1, =0.1.0, =1.3.0 and more Source cves: CVE-2026-22219 Source advisory: SNYK:PYTHON-CHAINLIT-15037182...

Server-side Request Forgery (SSRF)

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the /project/element update flow when the SQLAlchemy data layer backend is configured. An attacker can cause the server to send arbitrary HTTP requests to intern...