{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/prompts.chat/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-22661"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-write","code-execution","cve-2026-22661","prompts.chat","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eprompts.chat, a software application, is vulnerable to a path traversal attack (CVE-2026-22661) in versions prior to commit 0f8d4c3. This vulnerability stems from insufficient server-side validation of filenames within skill file archives. A remote attacker can exploit this by crafting malicious ZIP archives that contain filenames with path traversal sequences (e.g., ../). When a vulnerable prompts.chat instance extracts these archives, the lack of proper sanitization allows the attacker to write files to arbitrary locations on the file system, potentially overwriting critical system files and achieving arbitrary code execution. This poses a significant risk to system integrity and confidentiality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious ZIP archive containing a specially crafted skill file.\u003c/li\u003e\n\u003cli\u003eThe filenames within the ZIP archive include path traversal sequences such as \u003ccode\u003e../\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious ZIP archive to the prompts.chat application.\u003c/li\u003e\n\u003cli\u003eprompts.chat processes the uploaded ZIP archive without properly sanitizing the filenames.\u003c/li\u003e\n\u003cli\u003eThe application extracts the contents of the ZIP archive, writing files to locations specified in the malicious filenames.\u003c/li\u003e\n\u003cli\u003ePath traversal sequences in the filenames allow the attacker to write files outside the intended extraction directory.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites shell initialization files (e.g., \u003ccode\u003e.bashrc\u003c/code\u003e, \u003ccode\u003e.profile\u003c/code\u003e, \u003ccode\u003e.bash_profile\u003c/code\u003e) or other executable files.\u003c/li\u003e\n\u003cli\u003eWhen a user logs in or a new shell is spawned, the overwritten initialization file executes malicious code, granting the attacker arbitrary code execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-22661 allows an attacker to write arbitrary files to the client system, leading to potential overwrite of sensitive system files and arbitrary code execution. The vulnerability affects systems running vulnerable versions of prompts.chat. The impact includes complete compromise of the system, data theft, and further propagation of malicious activities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch by upgrading to commit 0f8d4c3 or later to remediate CVE-2026-22661.\u003c/li\u003e\n\u003cli\u003eImplement server-side filename validation and sanitization to prevent path traversal attacks when handling ZIP archives within prompts.chat.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences in filenames as identified by the provided rules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T12:00:00Z","date_published":"2026-04-04T12:00:00Z","id":"/briefs/2026-04-prompts-chat-traversal/","summary":"A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.","title":"prompts.chat Path Traversal Vulnerability (CVE-2026-22661)","url":"https://feed.craftedsignal.io/briefs/2026-04-prompts-chat-traversal/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-22664"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","cve-2026-22664","fal.ai","prompts.chat"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eprompts.chat, a web application, contains a server-side request forgery (SSRF) vulnerability affecting versions prior to commit 30a8f04. This flaw resides in the Fal.ai media status polling feature. An authenticated user can inject arbitrary URLs into the \u003ccode\u003etoken\u003c/code\u003e parameter, causing the server to make outbound requests to attacker-controlled destinations. The vulnerability, identified as CVE-2026-22664, allows attackers to potentially extract the \u003ccode\u003eFAL_API_KEY\u003c/code\u003e from the \u003ccode\u003eAuthorization\u003c/code\u003e header during these requests. Successful exploitation can result in credential theft, internal network probing, and abuse of the victim\u0026rsquo;s Fal.ai account. This vulnerability poses a significant risk as it could lead to unauthorized access and data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the prompts.chat application.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious URL containing a server controlled by them.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a media status polling request to Fal.ai, injecting the malicious URL into the \u003ccode\u003etoken\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe prompts.chat server, lacking proper URL validation, makes an outbound HTTP request to the attacker\u0026rsquo;s server.\u003c/li\u003e\n\u003cli\u003eThe request includes the \u003ccode\u003eAuthorization\u003c/code\u003e header, potentially exposing the \u003ccode\u003eFAL_API_KEY\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server captures the \u003ccode\u003eAuthorization\u003c/code\u003e header containing the \u003ccode\u003eFAL_API_KEY\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen \u003ccode\u003eFAL_API_KEY\u003c/code\u003e to access the victim\u0026rsquo;s Fal.ai account.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized actions, such as data exfiltration or resource abuse.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability (CVE-2026-22664) allows attackers to steal the \u003ccode\u003eFAL_API_KEY\u003c/code\u003e, potentially impacting all users of the vulnerable prompts.chat application who utilize the Fal.ai integration. Consequences include unauthorized access to Fal.ai accounts, data breaches, internal network scans originating from the prompts.chat server, and financial losses due to resource abuse. The specific number of victims and the extent of the damage depend on the attacker\u0026rsquo;s objectives and the permissions associated with the compromised Fal.ai API key.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for outbound requests to unusual or suspicious domains originating from the prompts.chat server to detect potential SSRF attempts (log source: webserver).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect HTTP requests containing a suspicious \u003ccode\u003etoken\u003c/code\u003e parameter potentially indicative of SSRF exploitation.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual outbound connections from the prompts.chat server (log source: network_connection).\u003c/li\u003e\n\u003cli\u003eApply the patch or upgrade prompts.chat to a version after commit 30a8f04, which addresses the CVE-2026-22664 vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T21:17:09Z","date_published":"2026-04-03T21:17:09Z","id":"/briefs/2026-04-prompts-chat-ssrf/","summary":"prompts.chat prior to commit 30a8f04 is vulnerable to server-side request forgery (SSRF) in Fal.ai media status polling, allowing authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs, leading to potential credential theft and internal network probing.","title":"prompts.chat Fal.ai SSRF Vulnerability (CVE-2026-22664)","url":"https://feed.craftedsignal.io/briefs/2026-04-prompts-chat-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Prompts.chat","version":"https://jsonfeed.org/version/1.1"}