Vulnerability Details CVE-2026-22218
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.8%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-22218
- cpe:2.3:a:chainlit:chainlit:0.1.1
- cpe:2.3:a:chainlit:chainlit:0.1.101
- cpe:2.3:a:chainlit:chainlit:0.1.102
- cpe:2.3:a:chainlit:chainlit:0.1.103
- cpe:2.3:a:chainlit:chainlit:0.2.0
- cpe:2.3:a:chainlit:chainlit:0.2.1
- cpe:2.3:a:chainlit:chainlit:0.2.101
- cpe:2.3:a:chainlit:chainlit:0.2.102
- cpe:2.3:a:chainlit:chainlit:0.2.103
- cpe:2.3:a:chainlit:chainlit:0.2.104
- cpe:2.3:a:chainlit:chainlit:0.2.105
- cpe:2.3:a:chainlit:chainlit:0.2.106
- cpe:2.3:a:chainlit:chainlit:0.2.107
- cpe:2.3:a:chainlit:chainlit:0.2.108
- cpe:2.3:a:chainlit:chainlit:0.2.109
- cpe:2.3:a:chainlit:chainlit:0.2.110
- cpe:2.3:a:chainlit:chainlit:0.2.111
- cpe:2.3:a:chainlit:chainlit:0.3.0
- cpe:2.3:a:chainlit:chainlit:0.4.0
- cpe:2.3:a:chainlit:chainlit:0.4.1
- cpe:2.3:a:chainlit:chainlit:0.4.101
- cpe:2.3:a:chainlit:chainlit:0.4.2
- cpe:2.3:a:chainlit:chainlit:0.4.3
- cpe:2.3:a:chainlit:chainlit:0.5.0
- cpe:2.3:a:chainlit:chainlit:0.5.1
- cpe:2.3:a:chainlit:chainlit:0.5.2
- cpe:2.3:a:chainlit:chainlit:0.6.0
- cpe:2.3:a:chainlit:chainlit:0.6.1
- cpe:2.3:a:chainlit:chainlit:0.6.2
- cpe:2.3:a:chainlit:chainlit:0.6.3
- cpe:2.3:a:chainlit:chainlit:0.6.4
- cpe:2.3:a:chainlit:chainlit:0.6.401
- cpe:2.3:a:chainlit:chainlit:0.6.402
- cpe:2.3:a:chainlit:chainlit:0.7.0
- cpe:2.3:a:chainlit:chainlit:0.7.1
- cpe:2.3:a:chainlit:chainlit:0.7.2
- cpe:2.3:a:chainlit:chainlit:0.7.3
- cpe:2.3:a:chainlit:chainlit:0.7.301
- cpe:2.3:a:chainlit:chainlit:0.7.400
- cpe:2.3:a:chainlit:chainlit:0.7.500
- cpe:2.3:a:chainlit:chainlit:0.7.501
- cpe:2.3:a:chainlit:chainlit:0.7.600
- cpe:2.3:a:chainlit:chainlit:0.7.601
- cpe:2.3:a:chainlit:chainlit:0.7.602
- cpe:2.3:a:chainlit:chainlit:0.7.603
- cpe:2.3:a:chainlit:chainlit:0.7.604
- cpe:2.3:a:chainlit:chainlit:0.7.700
- cpe:2.3:a:chainlit:chainlit:1.0.0
- cpe:2.3:a:chainlit:chainlit:1.0.100
- cpe:2.3:a:chainlit:chainlit:1.0.101
- cpe:2.3:a:chainlit:chainlit:1.0.200
- cpe:2.3:a:chainlit:chainlit:1.0.300
- cpe:2.3:a:chainlit:chainlit:1.0.301
- cpe:2.3:a:chainlit:chainlit:1.0.400
- cpe:2.3:a:chainlit:chainlit:1.0.401
- cpe:2.3:a:chainlit:chainlit:1.0.500
- cpe:2.3:a:chainlit:chainlit:1.0.501
- cpe:2.3:a:chainlit:chainlit:1.0.502
- cpe:2.3:a:chainlit:chainlit:1.0.503
- cpe:2.3:a:chainlit:chainlit:1.0.504
- cpe:2.3:a:chainlit:chainlit:1.0.505
- cpe:2.3:a:chainlit:chainlit:1.0.506
- cpe:2.3:a:chainlit:chainlit:1.1.0
- cpe:2.3:a:chainlit:chainlit:1.1.101
- cpe:2.3:a:chainlit:chainlit:1.1.200
- cpe:2.3:a:chainlit:chainlit:1.1.201
- cpe:2.3:a:chainlit:chainlit:1.1.202
- cpe:2.3:a:chainlit:chainlit:1.1.300
- cpe:2.3:a:chainlit:chainlit:1.1.301
- cpe:2.3:a:chainlit:chainlit:1.1.302
- cpe:2.3:a:chainlit:chainlit:1.1.303
- cpe:2.3:a:chainlit:chainlit:1.1.304
- cpe:2.3:a:chainlit:chainlit:1.1.305
- cpe:2.3:a:chainlit:chainlit:1.1.306
- cpe:2.3:a:chainlit:chainlit:1.1.400
- cpe:2.3:a:chainlit:chainlit:1.1.401
- cpe:2.3:a:chainlit:chainlit:1.1.402
- cpe:2.3:a:chainlit:chainlit:1.1.403
- cpe:2.3:a:chainlit:chainlit:1.1.404
- cpe:2.3:a:chainlit:chainlit:1.2.0
- cpe:2.3:a:chainlit:chainlit:1.3.0
- cpe:2.3:a:chainlit:chainlit:1.3.1
- cpe:2.3:a:chainlit:chainlit:1.3.2
- cpe:2.3:a:chainlit:chainlit:2.0
- cpe:2.3:a:chainlit:chainlit:2.0.0
- cpe:2.3:a:chainlit:chainlit:2.0.1
- cpe:2.3:a:chainlit:chainlit:2.0.2
- cpe:2.3:a:chainlit:chainlit:2.0.3
- cpe:2.3:a:chainlit:chainlit:2.0.4
- cpe:2.3:a:chainlit:chainlit:2.0.5
- cpe:2.3:a:chainlit:chainlit:2.0.6
- cpe:2.3:a:chainlit:chainlit:2.0.601
- cpe:2.3:a:chainlit:chainlit:2.0.602
- cpe:2.3:a:chainlit:chainlit:2.0.603
- cpe:2.3:a:chainlit:chainlit:2.1.0
- cpe:2.3:a:chainlit:chainlit:2.1.1
- cpe:2.3:a:chainlit:chainlit:2.1.2
- cpe:2.3:a:chainlit:chainlit:2.2.0
- cpe:2.3:a:chainlit:chainlit:2.2.1
- cpe:2.3:a:chainlit:chainlit:2.3.0
- cpe:2.3:a:chainlit:chainlit:2.4.0
- cpe:2.3:a:chainlit:chainlit:2.4.1
- cpe:2.3:a:chainlit:chainlit:2.4.2
- cpe:2.3:a:chainlit:chainlit:2.4.201
- cpe:2.3:a:chainlit:chainlit:2.4.3
- cpe:2.3:a:chainlit:chainlit:2.4.301
- cpe:2.3:a:chainlit:chainlit:2.4.302
- cpe:2.3:a:chainlit:chainlit:2.4.400
- cpe:2.3:a:chainlit:chainlit:2.5.5
- cpe:2.3:a:chainlit:chainlit:2.6.0
- cpe:2.3:a:chainlit:chainlit:2.6.1
- cpe:2.3:a:chainlit:chainlit:2.6.2
- cpe:2.3:a:chainlit:chainlit:2.6.3
- cpe:2.3:a:chainlit:chainlit:2.6.4
- cpe:2.3:a:chainlit:chainlit:2.6.5
- cpe:2.3:a:chainlit:chainlit:2.6.6
- cpe:2.3:a:chainlit:chainlit:2.6.7
- cpe:2.3:a:chainlit:chainlit:2.6.8
- cpe:2.3:a:chainlit:chainlit:2.6.9
- cpe:2.3:a:chainlit:chainlit:2.7.0
- cpe:2.3:a:chainlit:chainlit:2.7.1
- cpe:2.3:a:chainlit:chainlit:2.7.1.1
- cpe:2.3:a:chainlit:chainlit:2.7.2
- cpe:2.3:a:chainlit:chainlit:2.8.0
- cpe:2.3:a:chainlit:chainlit:2.8.1
- cpe:2.3:a:chainlit:chainlit:2.8.2
- cpe:2.3:a:chainlit:chainlit:2.8.3
- cpe:2.3:a:chainlit:chainlit:2.8.4
- cpe:2.3:a:chainlit:chainlit:2.8.5
- cpe:2.3:a:chainlit:chainlit:2.9.0
- cpe:2.3:a:chainlit:chainlit:2.9.1
- cpe:2.3:a:chainlit:chainlit:2.9.2
- cpe:2.3:a:chainlit:chainlit:2.9.3