Cybersecurity

Cyber: Chainlit AI Framework Flaws Enable Data Theft Via File Read And...

2026-01-21 0 views admin
Cyber: Chainlit AI Framework Flaws Enable Data Theft Via File Read And...

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization.

Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or perform server-side request forgery (SSRF) attacks against servers hosting AI applications.

Chainlit is a framework for creating conversational chatbots. According to statistics shared by the Python Software Foundation, the package has been downloaded over 220,000 times over the past week. It has attracted a total of 7.3 million downloads to date.

Details of the two vulnerabilities are as follows -

"The two Chainlit vulnerabilities can be combined in multiple ways to leak sensitive data, escalate privileges, and move laterally within the system," Zafran researchers Gal Zaban and Ido Shani said. "Once an attacker gains arbitrary file read access on the server, the AI application's security quickly begins to collapse. What initially appears to be a contained flaw becomes direct access to the system's most sensitive secrets and internal state."

For instance, an attacker can weaponize CVE-2026-22218 to read "/proc/self/environ," allowing them to glean valuable information such as API keys, credentials, and internal file paths that could be used to burrow deeper into the compromised network and even gain access to the application source code. Alternatively, it can be used to leak database files if the setup uses SQLAlchemy with an SQLite backend as its data layer.

Following responsible disclosure on November 23, 2025, both vulnerabilities were addressed by Chainlit in version 2.9.4 released on December 24, 2025.

"As organizations rapidly adopt AI frameworks and third-party components, long-standing classes of software vulnerabilities are being embedded directly into AI infrastructure," Zafran said. "These frameworks introduce new and often poorly understood attack surfaces, where well-known vulnerability classes can directly compromise AI-powered systems."

The disclosure comes as BlueRock disclosed a vulnerability in Microsoft's MarkItDown Model Context Protocol (MCP) server dubbed MCP fURI that enables arbitrary calling of URI resources, exposing organizations to privilege escalation, SSRF, and data leakage attacks. The shortcoming affects the server when running

Source: The Hacker News

🏷️ Tags

securityvulnerabilitycveattack

More from Cybersecurity

Cyber: Chainlit AI Framework Bugs Let Hackers Breach Cloud Environments

Cyber: Chainlit AI Framework Bugs Let Hackers Breach Cloud Environments

2026-01-21 0
Cyber: Cisco Fixes Unified Communications RCE Zero Day Exploited In Attacks

Cyber: Cisco Fixes Unified Communications RCE Zero Day Exploited In Attacks

2026-01-21 0
Cyber: New Android Malware Uses AI To Click On Hidden Browser Ads 2026

Cyber: New Android Malware Uses AI To Click On Hidden Browser Ads 2026

2026-01-21 0
Cyber: 'contagious Interview' Attack Now Delivers Backdoor Via Vs Code

Cyber: 'contagious Interview' Attack Now Delivers Backdoor Via Vs Code

2026-01-21 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views