Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.
AnalysisAI
Server-side request forgery (SSRF) in prompts.chat allows authenticated users to force the server to make arbitrary HTTP requests with the application's FAL_API_KEY exposed in Authorization headers. Attackers can exploit unvalidated URL parameters in Fal.ai media status polling to exfiltrate API credentials, probe internal networks, and abuse the victim's Fal.ai account resources. Patch available via GitHub commit 30a8f04. No public exploit identified at time of analysis, though CVSS vector indicates low attack complexity with network-based attack vector requiring only low privileges.
Technical ContextAI
This vulnerability affects prompts.chat (cpe:2.3:a:f:prompts.chat), a web application that integrates with Fal.ai for media processing. The flaw is classified as CWE-918 (Server-Side Request Forgery), occurring in the media status polling mechanism for Fal.ai operations. The application accepts a token parameter containing URLs for polling media generation status but fails to validate or sanitize these URLs before making outbound HTTP requests. When the server performs these requests, it includes the FAL_API_KEY in the Authorization header, allowing attackers to redirect requests to attacker-controlled endpoints. This creates a classic SSRF condition where user-supplied input directly controls backend HTTP request destinations without proper allowlist validation or URL scheme restrictions, compounded by credential leakage through header forwarding.
RemediationAI
Organizations should immediately upgrade to prompts.chat commit 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99 or later, which addresses the SSRF vulnerability by implementing proper URL validation in the Fal.ai media status polling mechanism. The patch is available from the official GitHub repository at https://github.com/f/prompts.chat/commit/30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99. After patching, organizations should rotate FAL_API_KEY credentials immediately to invalidate any keys potentially exfiltrated through prior exploitation. As an interim mitigation if immediate patching is not possible, restrict network egress from the prompts.chat server to only necessary Fal.ai endpoints using firewall rules or network policies, and implement authentication log monitoring to detect suspicious authenticated user activity targeting media polling endpoints. Review application logs for unusual outbound requests or polling behavior that may indicate historical exploitation attempts. Complete remediation guidance is available in the VulnCheck advisory at https://www.vulncheck.com/advisories/prompts-chat-ssrf-via-fal-ai-media-status-polling.
More in Prompts Chat
View allAuthorization bypass vulnerabilities in prompts.chat (pre-commit 7b81836) expose private prompt data to unauthenticated
Path traversal in prompts.chat skill file extraction allows unauthenticated remote attackers to write arbitrary files an
Identity confusion in prompts.chat (prior to commit 1464475) enables authenticated attackers to impersonate users and hi
Blind server-side request forgery in prompts.chat media generator allows authenticated users to manipulate the inputImag
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18827
GHSA-43rw-xw76-9g92