Overview

  • Chainlit
  • Chainlit

Published: 19 Jan 2026
Updated: 20 Jan 2026

CVSS v4.0: HIGH (8.3)
EPSS: 0.04%

KEV

Description

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

Chainlit vulnerabilities expose sensitive information
securityweek.com/chainlit-vuln
Two high-severity security flaws (CVE-2026-22218 and CVE-2026-22219) were identified in the open-source Chainlit framework, which is used to build conversational AI applications. These vulnerabilities can allow attackers to read arbitrary files or make requests to internal services, posing significant risk to enterprise deployments.

Overview

  • Chainlit
  • Chainlit

Published: 19 Jan 2026
Updated: 21 Jan 2026

CVSS v4.0: HIGH (7.1)
EPSS: 0.02%

KEV

Description

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.

Statistics

  • 1 Post

Last activity: 13 hours ago

Overview

  • Monsta Limited of New Zealand
  • Monsta FTP

Published: 07 Nov 2025
Updated: 19 Nov 2025

CVSS v4.0: CRITICAL (9.3)
EPSS: 68.44%

KEV

Description

Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

The latest update for #Foresiet includes "CVE-2026-23745: A Deep Dive into the node-tar Arbitrary File Overwrite Vulnerability" and "Exploiting Monsta FTP: Technical Analysis of CVE-2025-34299". #cybersecurity #infosec https://opsmtrs.com/3J3CMGz