216.73.217.86

CVE-2026-22218

· Published 20/01/2026 00:15 · Modified 20/01/2026 19:15

Labels: CVE-2026-22218 2026-01-20CVE-2026-22218CWE-22[email protected]

Essential information

Published
20/01/2026 00:15
Modified
20/01/2026 19:15
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chainlit / chainlit cpe:2.3:a:chainlit:chainlit:<2.9.4:*:*:*:*:*:*:*

References