Lucene search
K

6 matches found

Snyk
Snyk
added 2026/04/03 10:21 p.m.8 views

Server-side Request Forgery (SSRF)

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the token parameter in the Fal.ai media status polling flow. An attacker can access sensitive...

7.7CVSS5.7AI score0.00301EPSS
Exploits1References2
NVD
NVD
added 2026/04/03 9:17 p.m.6 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS0.00301EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/03 8:27 p.m.22 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS0.00301EPSS
Exploits1References3
CVE
CVE
added 2026/04/03 8:27 p.m.28 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

7.7CVSS5.3AI score0.00301EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:27 p.m.3 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS5.9AI score0.00301EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/03 8:27 p.m.4 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

7.7CVSS5.9AI score0.00301EPSS
Exploits1References3
Rows per page
Query Builder