Home > Vulnerability Database > CVE-2026-22218

Mend.io Vulnerability Database

CVE-2026-22218

Good to know:

Date: January 19, 2026

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.

Severity Score

6.5

Related Resources (5)

Url: https://www.zafran.io/resources/chainleak-critical-ai-framework-vulnerabilities-expose-data-enable-cloud-takeover

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22218

Url: https://www.vulncheck.com/advisories/chainlit-arbitrary-file-read-via-project-element

Url: https://github.com/Chainlit/chainlit/releases/tag/2.9.4

Url: https://www.mend.io/vulnerability-database/CVE-2026-22218

Severity Score

6.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version chainlit - 2.9.4;chainlit - 2.9.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22218

Good to know:

Date: January 19, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?