Platform: python
Component: chainlit
Fixed in: 2.9.4
Chainlit versions up to 2.9.3 contain a server-side request forgery (SSRF) vulnerability. The flaw resides in the /project/element update flow when the SQLAlchemy data layer backend is in use. An authenticated client can exploit it by supplying a malicious URL, causing the Chainlit server to make unauthorized HTTP requests and potentially expose sensitive internal data.
The SSRF vulnerability allows an attacker to initiate arbitrary HTTP requests from the Chainlit server. This can be leveraged to access internal network services, cloud metadata endpoints, or any other resource accessible to the server. The attacker can then store the retrieved responses via the configured storage provider, potentially exfiltrating sensitive data such as API keys, database credentials, or internal configuration information. This vulnerability is particularly concerning as it bypasses standard network security controls, allowing access to resources that should be isolated from external requests. The SQLAlchemy backend's reliance on user-supplied URLs without proper validation is the root cause of this issue.
This vulnerability was publicly disclosed on 2026-01-20. There are currently no known public proof-of-concept exploits available, but the SSRF nature of the vulnerability makes it relatively easy to exploit. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential for data exfiltration, warrants careful attention and prompt remediation.
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-22219 is to upgrade Chainlit to version 2.9.4 or later, which includes the necessary fix. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound HTTP requests and block suspicious URLs. Specifically, block requests to known metadata endpoints or internal IP ranges. Additionally, review and restrict the permissions of the Chainlit service account to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the fix by attempting to trigger the element update flow with a known malicious URL and verifying that the request is blocked or handled safely.
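To make the interim mitigation concrete, the following egress guard is an added example written for this page, not Chainlit's own code or its 2.9.4 fix. It shows the check a data layer should apply before the server fetches a client-supplied element URL: only http(s), no userinfo, and every address the host resolves to must be globally routable, so loopback, RFC 1918 and the link-local metadata range are refused. The hostname blocklist and the injectable `resolve` hook are assumptions for illustration and testing.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed list of well-known cloud metadata hostnames; extend per environment.
BLOCKED_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}


def _resolve(host):
    """Return every address (A and AAAA) the host resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def _is_public(ip_text):
    """True for globally routable addresses; loopback, RFC 1918, link-local
    (which covers 169.254.169.254), ULA and reserved ranges are rejected."""
    ip = ipaddress.ip_address(ip_text)
    # IPv4-mapped IPv6 (::ffff:10.0.0.1) is judged by the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def is_safe_element_url(url, resolve=_resolve):
    """Decide whether the server may fetch this client-supplied URL.

    Fails closed: a parse error, unresolvable host or non-IP answer rejects
    the URL. `resolve` is injectable so the check can be tested offline.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:  # http://user@internal/ style tricks
        return False
    host = parts.hostname.lower().rstrip(".")
    if host in BLOCKED_HOSTS:
        return False
    try:
        addrs = resolve(host)
        # Every record must be public: a name that returns one public and one
        # internal address would otherwise be accepted and still reach inside.
        return bool(addrs) and all(_is_public(a) for a in addrs)
    except (OSError, ValueError):  # socket.gaierror is an OSError subclass
        return False
```

Resolving and checking the address here does not stop a DNS answer from changing between this check and the actual fetch; pinning the connection to the checked address, or running the same check inside the HTTP client's connection hook, closes that gap.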
Update Chainlit to version 2.9.4 or higher. This version fixes the SSRF vulnerability in the SQLAlchemy data layer. The update will prevent attackers from making arbitrary HTTP requests from the Chainlit server.
CVE-2026-22219 is a server-side request forgery (SSRF) vulnerability affecting Chainlit versions up to 2.9.3, allowing attackers to make unauthorized HTTP requests.
You are affected if you are using Chainlit versions 2.9.3 or earlier and have the SQLAlchemy data layer backend enabled.
Upgrade Chainlit to version 2.9.4 or later to resolve this vulnerability. Consider WAF rules as a temporary mitigation.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature makes it easily exploitable.
Refer to the Chainlit security advisory for detailed information and updates: [https://chainlit.io/blog/security-update-ssrf-vulnerability](https://chainlit.io/blog/security-update-ssrf-vulnerability)