Skip to main content

AI / ML CVE-2026-22219

HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-01-20 disclosure@vulncheck.com GHSA-2g59-m95p-pgfq
SSRF AI / ML Chainlit
7.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.7 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 02, 2026 - 20:56 vuln.today
Public exploit code
CVE Published
Jan 20, 2026 - 00:15 nvd
HIGH 7.7

DescriptionCVE.org

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.

AnalysisAI

Chainlit versions before 2.9.4 with SQLAlchemy backend contain a server-side request forgery vulnerability in the project element update endpoint that allows authenticated attackers to make arbitrary HTTP requests from the server. Public exploit code exists for this vulnerability, enabling attackers to reach internal network services, cloud metadata endpoints, and store responses through the configured storage system. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Chainlit instance
Delivery
Craft Element with malicious URL parameter
Exploit
Submit to /project/element update endpoint
Execution
Server fetches URL from internal network
Impact
Retrieve sensitive data via response storage
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Chainlit version < 2.9.4 with SQLAlchemy data layer backend configured. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.7 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker (requires authentication) could exploit this vulnerability to make arbitrary HTTP requests from the Chainlit server to internal network servic.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 7 days: Identify all affected systems and apply vendor patches promptly. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22219 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy