Home > Vulnerability Database > CVE-2025-68492

Mend.io Vulnerability Database

CVE-2025-68492

Good to know:

Date: January 14, 2026

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

Severity Score

4.2

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68492

Url: https://github.com/Chainlit/chainlit/releases

Url: https://github.com/Chainlit/chainlit/commit/8f1153db439eca58ae5c50c8276ba6fdd311448e

Url: https://github.com/Chainlit/chainlit

Url: https://jvn.jp/en/jp/JVN34964581

Url: https://github.com/Chainlit/chainlit/pull/2637

Url: https://github.com/Chainlit/chainlit/releases/tag/2.8.5

Url: https://jvn.jp/en/jp/JVN34964581/

Url: https://www.mend.io/vulnerability-database/CVE-2025-68492

Severity Score

4.2

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version chainlit - 2.8.5;chainlit - 2.8.5;https://github.com/Chainlit/chainlit.git - 2.8.5

Learn More

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68492

Good to know:

Date: January 14, 2026

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?