5 matches found
Session Hijacking
Chainlit is vulnerable to Session Hijacking. The vulnerability is due to missing ownership verification during WebSocket session restoration, where a valid sessionId can be used to restore another user's authenticated session, allowing attackers to gain unauthorized access with the victim's...
CVE-2026-56104
Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...
CVE-2026-56104
Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...
EUVD-2026-38285
Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...
PT-2026-51339
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.10.1 Description An issue exists where unauthenticated attackers can restore and inherit authenticated user sessions. This occurs during WebSocket session restoration when a valid sessionId is presented without...