Chainlit Arbitrary File Read Vulnerability

Vulnerability

An arbitrary file read vulnerability has been identified in Chainlit versions prior to 2.9.4. The issue is in the /project/element update flow: an authenticated client can submit a custom Element whose path is entirely user-controlled, and the server copies the referenced file into that client's session without restricting where the path may point. The client then uses the resulting element identifier (chainlitKey) to fetch the copied contents via the /project/file/<chainlitKey> endpoint. Because the only gate is authentication, any logged-in user can disclose any file that the Chainlit service process is able to read.
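The following is an added illustration of the flaw class described above, not Chainlit's own code: a per-session element store that copies whatever path the client names, placed beside a hardened variant that resolves the path and refuses anything that does not stay under an allowed root. The function names, the in-memory session dictionary, the "uploads" root and the sample files are all assumptions constructed for the example.

```python
"""
Added example: user-controlled element path copied into a session store.
Not Chainlit's implementation; names, session layout and directories are assumed.
"""
import secrets
import shutil
import tempfile
from pathlib import Path


class PathNotAllowed(Exception):
    """Raised when a requested element path is rejected by the hardened check."""


def copy_element_unsafe(session, requested_path, session_dir):
    """Vulnerable pattern: trust the client-supplied path, copy it into the
    session, and return a key that the file endpoint later resolves."""
    key = secrets.token_hex(8)
    dest = session_dir / key
    shutil.copy(requested_path, dest)  # copies any file the service can read
    session[key] = dest
    return key


def resolve_under_root(requested_path, allowed_root):
    """Join to the allowed root, resolve symlinks and '..', and require the
    result to remain inside the root and be a regular file."""
    root = Path(allowed_root).resolve()
    # pathlib drops the left operand when the right side is absolute, so an
    # absolute attacker path ends up outside root and is caught by relative_to.
    candidate = (root / requested_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathNotAllowed(f"{requested_path!r} resolves outside {root}")
    if not candidate.is_file():
        raise PathNotAllowed(f"{requested_path!r} is not a regular file")
    return candidate


def copy_element_safe(session, requested_path, session_dir, allowed_root):
    """Hardened pattern: only files under allowed_root may become elements."""
    src = resolve_under_root(requested_path, allowed_root)
    key = secrets.token_hex(8)
    dest = session_dir / key
    shutil.copy(src, dest)
    session[key] = dest
    return key


def read_element(session, key):
    """Stand-in for the file endpoint: returns the bytes stored under key."""
    path = session.get(key)
    if path is None:
        raise KeyError(key)
    return path.read_bytes()


def demo():
    """Run both variants against a constructed directory layout and report."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        allowed_root = base / "uploads"  # the only directory elements may come from
        allowed_root.mkdir()
        (allowed_root / "report.txt").write_text("public report")
        secret = base / "secret.conf"  # constructed stand-in for a service-readable secret
        secret.write_text("db_password=example")
        session_dir = base / "session"
        session_dir.mkdir()
        session = {}

        # Vulnerable flow: the client names the secret directly and reads it back.
        leaked_key = copy_element_unsafe(session, str(secret), session_dir)
        leaked = read_element(session, leaked_key).decode()

        # Hardened flow: an in-root path works; traversal, absolute paths and
        # non-files are rejected before anything is copied.
        ok_key = copy_element_safe(session, "report.txt", session_dir, allowed_root)
        served = read_element(session, ok_key).decode()
        rejected = []
        for attempt in ("../secret.conf", str(secret), "nonexistent.txt"):
            try:
                copy_element_safe(session, attempt, session_dir, allowed_root)
            except PathNotAllowed:
                rejected.append(attempt)
        return {"unsafe_leak": leaked, "safe_served": served, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The containment check calls resolve() on both the root and the candidate, so symlinks planted inside the allowed directory that point elsewhere are also rejected; a check that only inspects the string for ".." would miss them.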

Impact

Exploitation allows any authenticated user to read files accessible to the account the Chainlit service runs as, potentially exposing sensitive information held on the host.

Remediation

Users are advised to update Chainlit to version 2.9.4 or later, where this vulnerability has been fixed. Because the exposure is bounded by what the service process can read, running Chainlit under a least-privilege account limits what can be disclosed until the upgrade is applied.

Added: Jan 20, 2026, 12:18 AM
Updated: Jan 20, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 5.2
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.