CVE-2026-22218
-
Two high-severity flaws in Chainlit allow file theft and SSRF in cloud deployments
Two high-severity Chainlit vulnerabilities allow arbitrary file reads and SSRF that can expose secrets and internal services. Patches were released in Chainlit 2.9.4 on December 24, 2025. Upgrades are recommended.
-
ChainLeak flaws in Chainlit framework risk API key exposure and SSRF
High-severity ChainLeak vulnerabilities in the Chainlit AI framework can leak cloud API keys and enable SSRF. Two CVEs were disclosed in November 2025 and patches were issued in version 2.9.4 on December 24, 2025.


