CNNVD-202601-3087 Information

CNNVD ID

CNNVD-202601-3087

Related CVE

CVE-2026-22219

• CNNVD Published: 2026-01-20

Description (Chinese)

Chainlit是chainlit开源的一个大模型对话界面框架。 Chainlit 2.9.4之前版本存在代码问题漏洞，该漏洞源于对/project/element更新流程中URL参数处理不当，可能导致服务器端请求伪造。

Description (English)

Chainlit is a framework for a large-scale model dialogue interface for the open source of chainlit. Chainlit 2.9.4 had a code problem loophole that stemmed from the mishandling of the URL parameters in the/project/election update process, which could lead to the forgery of server requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

chainlit

Published

2026-01-20

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/chainlit-sqlalchemy-data-layer-ssrf-via-project-element https://github.com/Chainlit/chainlit/releases/tag/2.9.4 https://access.redhat.com/security/cve/cve-2026-22219

Patch

https://github.com/Chainlit/chainlit/releases