Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2026/01/14 9:31 a.m.12 views

Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS6.8AI score0.00217EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/01/14 6:27 a.m.17 views

CVE-2025-68492

Chainlit contains an authorization bypass vulnerability (CVE-2025-68492) affecting versions prior to 2.8.5. An attacker who can log in may view threads or obtain thread ownership due to a user-controlled key flaw (CWE-639). Documented impact is limited to those who can authenticate; no exploit sp...

4.2CVSS6.4AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 6:27 a.m.5 views

CVE-2025-68492

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

2.3CVSS5.7AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.8 views

PT-2026-2833

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.8.5 Description Chainlit versions prior to 2.8.5 have an authorization bypass due to a user-controlled key issue. Successful exploitation could allow an attacker to view threads or gain ownership of threads after...

4.2CVSS5.9AI score0.00217EPSS
Exploits0References14
Rows per page
Query Builder