- Chainlit contained two high-severity flaws that can leak files and enable SSRF from the server.
- Attackers could extract cloud API keys, database files, or internal metadata to move laterally inside networks.
- Patches were released in version 2.9.4; affected deployments should update immediately.
Chainlit, an open-source framework for chatbots, had two serious vulnerabilities that can expose secrets and enable server-side request forgery. Researchers at Zafran Security disclosed the issues after responsible disclosure on November 23, 2025; fixes appeared in version 2.9.4 on December 24, 2025. The package has seen heavy use, with the project page showing wide adoption and downloads; the package was downloaded over 220,000 times in one week and totals millions of downloads, per public stats.
Zafran labeled the flaws ChainLeak. One issue, CVE-2026-22218 (CVSS 7.1), allows authenticated attackers to read arbitrary files via the "/project/element" update flow when user-controller fields lack validation. The other, CVE-2026-22219 (CVSS 8.3), is an SSRF in the same flow when Chainlit uses an SQLAlchemy data layer backend.
Zafran researchers warned of combined impact. "The two Chainlit vulnerabilities can be combined in multiple ways to leak sensitive data, escalate privileges, and move laterally within the system," they said. Attackers could read files such as "/proc/self/environ" to recover API keys and credentials, or exfiltrate SQLite database files when SQLAlchemy uses an SQLite backend.
The disclosure also referenced another AI server flaw. Security firm Microsoft-markitdown-vulnerabilities”>BlueRock reported a vulnerability in Microsoft MarkItDown MCP that allows arbitrary URI calls. "This vulnerability allows an attacker to execute the Markitdown MCP tool convert_to_markdown to call an arbitrary uniform resource identifier (URI)," BlueRock said, adding that metadata queries can reveal AWS instance credentials.
Operators should update affected Chainlit installs to the patched release and follow secure deployment practices described in the project documentation at Chainlit docs and in vendor advisories. More technical details and mitigation guidance are available in the linked advisories and CVE entries.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- India’s BRICS Push Counters US Tariffs, Boosts Global South.
- Nansen launches AI chat trading on Base and Solana networks.
- LastPass phishing scam targets users, seeks master passwords
- Shiba Inu Plummets 60% in Year – Swing Traders Eye 36% Rise!
- CBI bought $507M in USDT to shore up rial via Nobitex bridge
