High severity7.5NVD Advisory· Published Apr 3, 2026· Updated Apr 13, 2026

CVE-2026-22663

Description

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.

Affected products

Fka/Prompts.chat
cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*
Range: <2026-03-25

Patches

7b81836b214f

https://github.com/f/prompts.chatvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/f/prompts.chat/commit/7b81836b214f2796aaf37ded2944eadc978afd35nvdPatch
github.com/f/prompts.chat/pull/1104nvdIssue TrackingPatchVendor Advisory
www.vulncheck.com/advisories/prompts-chat-authorization-bypass-information-disclosurenvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000