HIGH
Chainlit
CVE published 2026-06-22
CVE-2026-56104
CVE-2026-56104 is a session hijacking vulnerability in Chainlit before 2.10.1. This vulnerability allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the restore_existing_session path to assume a victim's permissions and roles, enabling unauthorized inv [truncated]