Vulnerabilities in Chainlit have exposed user data.
Two high‑severity vulnerabilities in Chainlit allowed arbitrary file reads and SSRF attacks without user interaction, exposing sensitive information. These flaws enabled attackers to exfiltrate environment variables, API keys, internal IPs, authentication secrets, and even full databases depending on configuration. Internet‑facing Chainlit instances used by major enterprises and academic institutions were at risk, especially those relying on SQLAlchemy or LangChain integrations.
Read more:
https://www.securityweek.com/chainlit-vulnerabilities-may-leak-sensitive-information/