Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.
AnalysisAI
Authorization bypass vulnerabilities in prompts.chat (pre-commit 7b81836) expose private prompt data to unauthenticated remote attackers. Missing isPrivate validation checks across multiple API endpoints and metadata generation functions allow unauthorized retrieval of version history, change requests, examples, content, and HTML meta tag information for prompts marked private. No public exploit identified at time of analysis, though CVSS 8.7 reflects network-accessible, low-complexity attack requiring no privileges. Vendor-released patch available via GitHub commit 7b81836b21.
Technical ContextAI
This vulnerability affects prompts.chat, a web application for managing and sharing prompt templates (cpe:2.3:a:f:prompts.chat). The root cause (CWE-862: Missing Authorization) stems from inadequate server-side access control enforcement. The application relies on isPrivate flags to distinguish public versus private prompts, but multiple API endpoints and the page metadata generation logic fail to verify this flag before returning sensitive data. The CVSS 4.0 vector (AV:N/AC:L/PR:N) confirms these endpoints are network-accessible without authentication, and the straightforward exploitation path requires no specialized conditions. This represents a classic broken access control scenario where client-side or database-level privacy indicators exist but backend authorization logic is incomplete, allowing direct object reference attacks against private resources.
RemediationAI
Vendor-released patch: Organizations must immediately update to commit 7b81836b214f2796aaf37ded2944eadc978afd35 or any subsequent version that includes this fix. The patch can be obtained from the GitHub repository at https://github.com/f/prompts.chat/commit/7b81836b214f2796aaf37ded2944eadc978afd35, and the associated pull request #1104 (https://github.com/f/prompts.chat/pull/1104) provides implementation context. For self-hosted deployments, pull the latest code from the main branch and rebuild. As an interim mitigation if patching is delayed, consider implementing reverse proxy rules to restrict API endpoint access to authenticated users only, though this workaround may impact legitimate functionality and does not address metadata leakage in HTML responses. Network segmentation to limit exposure of the prompts.chat instance is advisable until patching is complete. Post-patch, conduct an audit to identify potentially compromised private prompts and notify affected users.
More in Prompts Chat
View allPath traversal in prompts.chat skill file extraction allows unauthenticated remote attackers to write arbitrary files an
Identity confusion in prompts.chat (prior to commit 1464475) enables authenticated attackers to impersonate users and hi
Server-side request forgery (SSRF) in prompts.chat allows authenticated users to force the server to make arbitrary HTTP
Blind server-side request forgery in prompts.chat media generator allows authenticated users to manipulate the inputImag
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18825
GHSA-hphm-9vp4-h223