Lucene search
K

5 matches found

NVD
NVD
added 2026/01/20 12:15 a.m.8 views

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

7.1CVSS0.08843EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.9 views

Chainlit path traversal vulnerability

Chainlit is an open-source large-scale dialogue interface framework developed by Chainlit. Versions of Chainlit prior to 2.9.4 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of path parameters during the update process for /project/element, potentially...

7.1CVSS6.1AI score0.08843EPSS
Exploits1References3
OSV
OSV
added 2026/01/19 11:14 p.m.6 views

CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

7.1CVSS6.2AI score0.08843EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.8 views

PT-2026-3515

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 have an arbitrary file read issue in the /project/element update process. An authenticated client can submit a custom Element with a user-defined path, which causes...

7.1CVSS5.9AI score0.08843EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.13 views

PT-2026-3516

Name of the Vulnerable Software and Affected Versions Chainlit versions prior to 2.9.4 Description Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated...

8.3CVSS6.3AI score0.04439EPSS
Exploits1References26
Rows per page
Query Builder