Platform
nodejs
Component
prompts-chat
Fixed in
30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99
CVE-2026-22664 describes a server-side request forgery (SSRF) vulnerability discovered in prompts.chat, specifically within the Fal.ai media status polling functionality. The flaw allows authenticated users to initiate arbitrary outbound requests by manipulating the token parameter, bypassing the URL validation controls. Versions prior to commit 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99 are affected; the fix is available in version 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99.
The SSRF vulnerability in prompts.chat poses a significant risk because it enables attackers to disclose sensitive credentials. By crafting malicious URLs within the token parameter, an attacker can trick the application into making outbound requests to arbitrary destinations. Crucially, this can lead to the exposure of the FALAPIKEY, which is included in the Authorization header of these requests. With possession of this API key, an attacker could impersonate the victim user, access and manipulate data within the Fal.ai account, probe the internal network for further vulnerabilities, and potentially launch further attacks leveraging the compromised account. The blast radius extends beyond the immediate application to encompass the entire Fal.ai ecosystem and any internal resources accessible through the victim's account.
CVE-2026-22664 was publicly disclosed on April 3, 2026. There is currently no indication of active exploitation campaigns targeting this vulnerability. The EPSS score is pending evaluation. Public proof-of-concept code is not yet available, but the vulnerability's nature and the potential for credential theft make it a likely target for exploitation. Monitor security advisories and threat intelligence feeds for any updates.
Exploit Status
EPSS
0.03% (9th percentile)
CISA SSVC
The primary mitigation for CVE-2026-22664 is to upgrade prompts.chat immediately to version 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99 or later, which contains the fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider placing a Web Application Firewall (WAF) or reverse proxy in front of the application to filter requests and block those containing suspicious URLs; specifically, configure the WAF to block requests that carry attacker-controlled URLs in the token parameter. Additionally, review and restrict the network access available to the Fal.ai integration to minimize the impact of a successful exploitation. After upgrading, confirm the fix by attempting to trigger the media status polling with a crafted URL and verifying that the FALAPIKEY is not sent in the outbound request.
Update prompts.chat to the version that includes commit 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99. This fix validates the URLs provided in the token parameter during Fal.ai media status polling, mitigating the SSRF vulnerability.
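The check the fix needs, shown as an added example written for this advisory rather than taken from prompts.chat or its fix commit: the polling URL received in the token parameter is parsed and must match a strict host allowlist before the API key is attached. The function names, the `Key` authorization scheme and the host `status.fal.example` are assumptions and placeholders; substitute the real Fal.ai status host.

```javascript
// Added example, not the prompts.chat code. Allowlist of hosts the status
// poller may contact; the value below is a placeholder for the Fal.ai host.
const ALLOWED_FAL_HOSTS = ['status.fal.example'];

// Returns true only for an absolute https URL whose hostname is exactly one
// of the allowed hosts. Rejects credentials in the authority part
// (https://good-host@other-host), non-default ports, other schemes and
// look-alike hostnames (good-host.other-host), all of which are common ways
// a prefix or substring check on the raw string gets bypassed.
function isAllowedFalStatusUrl(raw, allowedHosts = ALLOWED_FAL_HOSTS) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser; throws for anything not absolute
  } catch {
    return false;
  }
  if (url.protocol !== 'https:') return false;
  if (url.username !== '' || url.password !== '') return false;
  if (url.port !== '') return false; // default port only
  return allowedHosts.includes(url.hostname.toLowerCase());
}

// Builds the outbound poll request, or returns null when the token value
// fails validation so the caller can answer 400 and log the rejected value.
// The Authorization format is an assumption for this example.
function buildStatusRequest(token, apiKey) {
  if (!isAllowedFalStatusUrl(token)) return null;
  return { url: token, headers: { Authorization: `Key ${apiKey}` } };
}
```

Validate the value before it reaches any HTTP client, and log rejections: a burst of rejected token values on the polling endpoint is the detection signal for attempts against this flaw.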
CVE-2026-22664 is a server-side request forgery vulnerability in prompts.chat that allows attackers to disclose sensitive API keys by manipulating URLs.
You are affected if you are using prompts.chat versions prior to 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99.
Upgrade to version 30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99 or later. Implement WAF rules to block suspicious outbound requests.
There is currently no confirmed active exploitation, but the vulnerability's potential for credential theft makes it a likely target.
Refer to the prompts.chat release notes and security advisories on their official website or GitHub repository.
CVSS Vector