Chainlit security patch release for CVE-2026-22218

Security Patch Release
Happening score: 24
2 unique sources, 2 articles

Summary

Chainlit released version 2.9.4 to fix CVE-2026-22218 and CVE-2026-22219, closing flaws that could expose API keys, sensitive files, and internal metadata in AI application environments. The update matters because the bugs in the /project/element flow could be chained for data theft and lateral movement. The patch followed responsible disclosure on November 23, 2025, and applies to a framework downloaded over 220,000 times in a week.

Related Happenings

LiteLLM security patch release for CVE-2026-42208

Security Patch Release
First: 29.04.2026 00:07 Last: 29.04.2026 00:07 Sources 1

About this happening: **LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...

Smart Slider 3 security patch (CVE-2026-3098)

Security Patch Release
First: 29.03.2026 17:38 Last: 29.03.2026 17:38 Sources 1

About this happening: Nextendweb released **Smart Slider version 3.5.1.34** on **March 24, 2026**, closing **CVE-2026-3098** in the **Smart Slider 3 WordPress plugin**. The patch fixes an **arbitrary f...

LangSmith version 0.12.71 security update (CVE-2026-25750)

Security Patch Release
First: 17.03.2026 18:39 Last: 17.03.2026 18:39 Sources 1

About this happening: **LangSmith** released **version 0.12.71** to fix **CVE-2026-25750**, a high-severity flaw that could enable **token theft** and **account takeover**. The update applies to both *...

Elementor Ally 4.1.0 security patch release (CVE-2026-2313)

Security Patch Release
First: 11.03.2026 21:38 Last: 11.03.2026 21:38 Sources 1

About this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...

SAP security patch release for CVE-2019-17571

Security Patch Release
First: 11.03.2026 14:26 Last: 11.03.2026 14:26 Sources 1

About this happening: **SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...

Timeline

  1. 21.01.2026 11:10 1 article · 4mo ago

    Chainlit responsible disclosure of CVE-2026-22218 and CVE-2026-22219

    Initial Disclosure

    Responsible disclosure of CVE-2026-22218 and CVE-2026-22219 reached Chainlit on November 23, 2025, initiating remediation for an arbitrary file read flaw and an SSRF flaw in the /project/element update flow.

  2. 21.01.2026 11:10 2 articles · 4mo ago

    Chainlit version 2.9.4 fixes CVE-2026-22218 and CVE-2026-22219

    Mitigation Patch Update

    Chainlit released version 2.9.4 on December 24, 2025 to address CVE-2026-22218 and CVE-2026-22219, reducing the risk of arbitrary file read, SSRF, and downstream credential exposure in Chainlit deployments.
