Gal Zaban
Gal Zaban is a Research Team Lead at Zafran. Gal has over 10 years of experience as a Security Researcher, with vast experience in reverse engineering. She has a particular interest in low-level research and vulnerability research. Gal also contributed a C++ reverse engineering class to Open Security Training2 and presented in various security and development conferences.
Session
As organizations rapidly adopt AI frameworks and third-party components, traditional software
vulnerabilities are increasingly being introduced into AI infrastructure. While AI security discussions often
focus on model level issues such as prompt injections, the most dangerous risks frequently arise from
traditional software vulnerabilities within the frameworks that power AI systems.
In this talk, we will present two vulnerabilities we discovered in Chainlit, a widely used open-source
framework that helps building conversational AI apps (CVE-2026-22218 and CVE-2026-22219). The issues
affect internet-facing AI systems and can be triggered remotely, enabling attackers to steal sensitive files,
leak cloud API keys and secrets, and perform server-side request forgery (SSRF) on the AI framework
server. We confirmed the vulnerabilities in real world, internet facing applications used by major
enterprises, demonstrating how a framework layer vulnerabilities can escalate to cloud level impact.
We will walk through the technical details of the vulnerabilities and the exploitation chain that leads to
server compromise and credential exposure. We’ll also show how leaking artifacts such as cached
conversation history, configuration files, or environment variables can reveal highly sensitive enterprise
data.