5 matches found
CVE-2026-22218
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...
Chainlit path traversal vulnerability
Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of path parameters during the update process for /project/element, potentially...
CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...
PT-2026-3515
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 have an arbitrary file read issue in the /project/element update process. An authenticated client can submit a custom Element with a user-defined path, which causes...
PT-2026-3516
Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated...