Published: Jan 14, 2026
Source: github
Github: Reviewed
CVSS4: 2.3
CVSS3: 4.2
Description
Chainlit contains an authorization bypass vulnerability
Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-68492
- https://github.com/Chainlit/chainlit/pull/2637
- https://github.com/Chainlit/chainlit/commit/8f1153db439eca58ae5c50c8276ba6fdd311448e
- https://github.com/Chainlit/chainlit/releases
- https://github.com/Chainlit/chainlit/releases/tag/2.8.5
- https://jvn.jp/en/jp/JVN34964581
Packages
Name: chainlit (pip)
Affected versions: < 2.8.5
Fixed version: 2.8.5
Related vulnerabilities
CVSS3: 4.2
nvd
24 days ago