CNNVD-202601-3089 Information

CNNVD ID

CNNVD-202601-3089

CVE-2026-22218

  • CNNVD Published: 2026-01-20

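Description (translated from Chinese)

Chainlit is an open-source framework from chainlit for building large language model chat interfaces. Versions of Chainlit before 2.9.4 contain a path traversal vulnerability, caused by improper handling of the path parameter in the /project/element update flow, which may lead to arbitrary file read.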

Description (English)

Chainlit is an open-source framework, developed by chainlit, for building large language model conversational interfaces. Chainlit versions before 2.9.4 contain a path traversal vulnerability that stems from improper handling of the path parameter in the /project/element update flow and could lead to arbitrary file read.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

chainlit

Published

2026-01-20

Last Modified

2026-02-24

References

  • https://github.com/Chainlit/chainlit/releases/tag/2.9.4
  • https://www.vulncheck.com/advisories/chainlit-arbitrary-file-read-via-project-element
  • https://access.redhat.com/security/cve/cve-2026-22218

Patch

https://github.com/Chainlit/chainlit/releases
