Chainlit Enables Arbitrary File Read And SSRF
Zafran disclosed two vulnerabilities in Chainlit in November, and Chainlit released a patched 2.9.4 release a month later. The flaws (CVE-2026-22218 and CVE-2026-22219) allow arbitrary file reads and SSRF, risking exposure of environment variables, API keys, cloud credentials, and authentication token forgery in internet-facing deployments used by financial, energy, and academic organizations. Users should update to Chainlit 2.9.4 immediately.
Key Points
- 1Identify two vulnerabilities (CVE-2026-22218, CVE-2026-22219) allowing arbitrary file read and SSRF
- 2Affect widely used Chainlit backend (700,000 monthly downloads), exposing internal secrets and cloud credentials
- 3Require immediate upgrade to Chainlit 2.9.4 to prevent data exfiltration, token forgery, and lateral movement
Scoring Rationale
High credibility and directly actionable patch; impact limited by scope to Chainlit deployments rather than all AI frameworks.
Sources
Public references used for this report.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems


