High severityOSV Advisory· Published Jan 19, 2026· Updated Mar 5, 2026
Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
CVE-2026-22219
Description
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
chainlitPyPI | < 2.9.4 | 2.9.4 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/Chainlit/chainlit/releases/tag/2.9.4ghsarelease-notespatchWEB
- www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeoverghsatechnical-descriptionexploitWEB
- github.com/advisories/GHSA-2g59-m95p-pgfqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-22219ghsaADVISORY
- www.vulncheck.com/advisories/chainlit-sqlalchemy-data-layer-ssrf-via-project-elementghsathird-party-advisoryWEB
- github.com/Chainlit/chainlit/commit/ffc3cce648b343b933e10e85ee5805c7e02ab3bfghsaWEB
News mentions
0No linked articles in our index yet.