Description
Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.
Published: 2026-01-19
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery (SSRF)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an authenticated client to supply a forged URL in an Element that the server then fetches using an outbound HTTP GET request. The retrieved content is stored via the configured storage provider. This flaw can expose internal network services, cloud metadata endpoints, or other internal resources to an attacker, potentially enabling data exfiltration, internal reconnaissance or further attacks rooted in the data returned from those services.

Affected Systems

Chainlit Chainlit versions earlier than 2.9.4 are affected when using the SQLAlchemy data layer backend. Users running any unsupported release prior to 2.9.4 are at risk if the /project/element update flow is exposed.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity flaw, but the EPSS score of less than 1% suggests a low probability of exploitation at present. The flaw is not listed in the CISA KEV catalog. An authenticated attacker can use the SSRF path to reach internal resources; the risk is primarily the ability to read or interact with services the application can reach from its environment.

Generated by OpenCVE AI on April 18, 2026 at 04:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Chainlit to version 2.9.4 or later, which removes the SSRF flaw in the /project/element update flow.
  • If an immediate upgrade is not feasible, restrict the Chainlit process to a secure network segment or configure outbound firewall rules to block HTTP requests to sensitive internal hosts or cloud metadata endpoints.
  • Consider disabling the /project/element update API or the SQLAlchemy data layer in environments where this function is not required, thereby eliminating the code path that performs the outbound request.

Generated by OpenCVE AI on April 18, 2026 at 04:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2g59-m95p-pgfq Chainlit contain a server-side request forgery (SSRF) vulnerability
History

Mon, 02 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:chainlit:chainlit:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

Tue, 20 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 20 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Chainlit
Chainlit chainlit
Vendors & Products Chainlit
Chainlit chainlit

Mon, 19 Jan 2026 23:30:00 +0000

Type Values Removed Values Added
Description Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.
Title Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}

Subscriptions

Chainlit Chainlit
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:30:20.148Z

Reserved: 2026-01-06T17:54:14.092Z

Link: CVE-2026-22219

cve-icon Vulnrichment

Updated: 2026-01-20T17:19:36.933Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-20T00:15:49.053

Modified: 2026-02-02T20:56:09.457

Link: CVE-2026-22219

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T05:00:06Z

Weaknesses