CVE-2026-22218 - Chainlit < 2.9.4 Arbitrary File Read via /project/element

CVE ID: CVE-2026-22218

Published: Jan. 19, 2026, 11:14 p.m.

Description: Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/, allowing disclosure of any file readable by the Chainlit service.

Severity: 7.1 | HIGH
