Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.
References
| Link | Resource |
|---|---|
| https://github.com/Chainlit/chainlit/releases/tag/2.9.4 | Product Release Notes |
| https://www.vulncheck.com/advisories/chainlit-arbitrary-file-read-via-project-element | Third Party Advisory |
| https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover | Exploit Mitigation Third Party Advisory |
Configurations
History
02 Feb 2026, 20:56
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Chainlit/chainlit/releases/tag/2.9.4 - Product, Release Notes | |
| References | () https://www.vulncheck.com/advisories/chainlit-arbitrary-file-read-via-project-element - Third Party Advisory | |
| References | () https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover - Exploit, Mitigation, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| CPE | cpe:2.3:a:chainlit:chainlit:*:*:*:*:*:*:*:* | |
| First Time |
Chainlit
Chainlit chainlit |
20 Jan 2026, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
20 Jan 2026, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-20 00:15
Updated : 2026-02-02 20:56
NVD link : CVE-2026-22218
Mitre link : CVE-2026-22218
CVE.ORG link : CVE-2026-22218
JSON object : View
Products Affected
chainlit
- chainlit
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')