VYPR
Unrated severity · OSV Advisory · Published Jan 19, 2026 · Updated Mar 5, 2026

Chainlit < 2.9.4 Arbitrary File Read via /project/element

CVE-2026-22218

Description

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/, allowing disclosure of any file readable by the Chainlit service.
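A simplified model of the flaw described above, next to one way to confine it, added here as an illustration. It is not Chainlit's code or its actual patch; the function names, the element dictionary shape and the per-session directory layout are assumptions, and the files are constructed sample data.

```python
import shutil, tempfile, uuid
from pathlib import Path

class RejectedPath(Exception):
    """Client-supplied element path points outside the session directory."""

def persist_element_naive(element: dict, session_dir: Path) -> str:
    # Vulnerable pattern: the server trusts the client's "path" and copies
    # whatever it points at into the session's file store (hypothetical model).
    key = str(uuid.uuid4())
    shutil.copyfile(element["path"], session_dir / key)
    return key

def persist_element_confined(element: dict, session_dir: Path) -> str:
    # Hardened variant: resolve symlinks and ".." first, then require the
    # source to be a regular file inside this session's own directory.
    base = session_dir.resolve()
    src = Path(element["path"]).resolve()
    if not src.is_relative_to(base) or not src.is_file():
        raise RejectedPath(str(src))
    key = str(uuid.uuid4())
    shutil.copyfile(src, base / key)
    return key

def is_blocked(path: str, session_dir: Path) -> bool:
    try:
        persist_element_confined({"path": path}, session_dir)
        return False
    except RejectedPath:
        return True

def demo() -> dict:
    # Constructed sample: a "service secret" that lives outside the session dir.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        session_dir = root / "sessions" / "abc"
        session_dir.mkdir(parents=True)
        secret = root / "service.env"
        secret.write_text("API_KEY=constructed-sample")
        upload = session_dir / "upload.txt"
        upload.write_text("hello")
        naive_key = persist_element_naive({"path": str(secret)}, session_dir)
        ok_key = persist_element_confined({"path": str(upload)}, session_dir)
        return {
            "leaked": (session_dir / naive_key).read_text(),
            "absolute_blocked": is_blocked(str(secret), session_dir),
            "dotdot_blocked": is_blocked(str(session_dir / ".." / ".." / "service.env"), session_dir),
            "legit": (session_dir / ok_key).read_text(),
        }
```

The stricter alternative is to ignore any `path` field arriving from the client and accept only file references the server itself issued.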


Affected products

2
  • Chainlit/Chainlit (OSV), 2 versions
    0.1.1, 0.1.101, 0.1.102, … + 1 more
    • (no CPE) range: 0.1.1, 0.1.101, 0.1.102, …
    • (no CPE) range: <2.9.4
