Particle.news

Researchers Detail Chainlit Flaws Exposing Cloud Secrets, Urge Immediate Updates

Unpatched internet-facing deployments remain the main risk with no confirmed exploitation to date.

Overview

  • Zafran disclosed CVE-2026-22218 (arbitrary file read, CVSS 7.1) and CVE-2026-22219 (SSRF, CVSS 8.3) in Chainlit’s /project/element update flow, with the SSRF affecting setups using the SQLAlchemy data layer.
  • Attackers could read /proc/self/environ to harvest API keys, cloud credentials, and the CHAINLIT_AUTH_SECRET, leak conversation data, and combine the bugs to escalate privileges and move laterally.
  • Chainlit fixed the issues in version 2.9.4 released on December 24, 2025, and users are advised to upgrade to 2.9.4 or later, with some outlets noting 2.9.6 as the latest available release.
  • Researchers observed widespread, internet-facing use of Chainlit, including in financial services, energy firms, and universities, with roughly 700,000 monthly downloads and millions overall.
  • Zafran published temporary web application firewall signatures to reduce exposure until patches are applied, and experts recommend promptly updating and auditing exposed Chainlit servers.