AI framework flaws put enterprise clouds at risk of takeover


Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.

Chainlit is a Python package that organizations can use to build production-ready AI chatbots and applications. Corporations can either use Chainlit's built-in UI and backend, or create their own frontend on top of Chainlit's backend. It also integrates with other tools and platforms including LangChain, OpenAI, Bedrock, and LlamaIndex, and supports authentication and cloud deployment options.

It's downloaded about 700,000 times every month and saw 5 million downloads last year.

The two vulnerabilities are CVE-2026-22218, which allows arbitrary file read, and CVE-2026-22219, which can lead to server-side request forgery (SSRF) attacks on the servers hosting AI applications.

While Zafran didn't see any indications of in-the-wild exploitation, "the internet-facing applications we observed belonged to the financial ...


Copyright of this story solely belongs to theregister.co.uk.