Description
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.
Published: 2026-04-03
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a server‑side request forgery flaw in the Fal.ai media status polling feature of prompts.chat prior to commit 30a8f04. Authenticated users can supply an attacker‑controlled URL in the token parameter, causing the server to issue arbitrary outbound requests. Because Fal.ai URLs are not validated, the request includes the FAL_API_KEY in the Authorization header, exposing the key. This results in credential theft, internal network probing, and abuse of the victim’s Fal.ai account.

Affected Systems

The vulnerability is present in prompts.chat deployments running any code prior to commit 30a8f04. Users and administrators should verify the version in use and determine whether the affected code base remains in production.

Risk and Exploitability

The flaw has a CVSS score of 7.1, indicating moderate‑to‑high severity, yet the EPSS score is below 1% and it is not listed in the CISA KEV catalog, suggesting a low probability of widespread exploitation. The attack requires authentication to the service, which limits the attack surface, but the potential to exfiltrate sensitive keys and probe internal resources makes it a significant risk if unpatched.

Generated by OpenCVE AI on May 26, 2026 at 15:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update prompts.chat to the version that includes commit 30a8f04
  • Disable the Fal.ai media status polling feature for all authenticated users until a patch is applied
  • Configure outbound firewall rules to block the prompts.chat server from making external HTTP requests

Generated by OpenCVE AI on May 26, 2026 at 15:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account. prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.

Mon, 13 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Fka
Fka prompts.chat
CPEs cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*
Vendors & Products Fka
Fka prompts.chat

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared F
F prompts.chat
Vendors & Products F
F prompts.chat

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Description prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.
Title prompts.chat SSRF via Fal.ai Media Status Polling
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

F Prompts.chat
Fka Prompts.chat
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:51:59.759Z

Reserved: 2026-01-08T19:04:26.364Z

Link: CVE-2026-22664

cve-icon Vulnrichment

Updated: 2026-04-07T14:19:39.533Z

cve-icon NVD

Status : Modified

Published: 2026-04-03T21:17:09.513

Modified: 2026-05-26T14:16:29.270

Link: CVE-2026-22664

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T15:45:08Z

Weaknesses
  • CWE-918

    Server-Side Request Forgery (SSRF)