Primary

Context

Chainlit Authorization Bypass Vulnerability Allowing Unauthorized Thread Access

Vulnerability

An authorization bypass vulnerability has been identified in Chainlit versions prior to 2.8.5. This vulnerability allows logged-in users to manipulate user-controlled keys to bypass access restrictions, potentially leading to unauthorized viewing of threads or acquisition of thread ownership.

Impact

Exploitation of this vulnerability allows an attacker to view threads or gain ownership of threads in the application.

Remediation

Users are advised to update Chainlit to version 2.8.5 or later.

Added: Jan 14, 2026, 7:32 AM

Updated: Jan 14, 2026, 7:32 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

5.2

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

5.2

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Chainlit Authorization Bypass Vulnerability Allowing Unauthorized Thread Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating