BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.pass-the-salt.org//pts2026//talk//MPAYUX BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-pts2026-MPAYUX@cfp.pass-the-salt.org DTSTART;TZID=CET:20260701T145000 DTEND;TZID=CET:20260701T152500 DESCRIPTION:As organizations rapidly adopt AI frameworks and third-party co mponents\, traditional software\nvulnerabilities are increasingly being in troduced into AI infrastructure. While AI security discussions often\nfocu s on model level issues such as prompt injections\, the most dangerous ris ks frequently arise from\ntraditional software vulnerabilities within the frameworks that power AI systems.\n\nIn this talk\, we will present two vu lnerabilities we discovered in Chainlit\, a widely used open-source\nframe work that helps building conversational AI apps (CVE-2026-22218 and CVE-20 26-22219). The issues\naffect internet-facing AI systems and can be trigge red remotely\, enabling attackers to steal sensitive files\,\nleak cloud A PI keys and secrets\, and perform server-side request forgery (SSRF) on th e AI framework\nserver. We confirmed the vulnerabilities in real world\, i nternet facing applications used by major\nenterprises\, demonstrating how a framework layer vulnerabilities can escalate to cloud level impact.\n\n We will walk through the technical details of the vulnerabilities and the exploitation chain that leads to\nserver compromise and credential exposur e. We’ll also show how leaking artifacts such as cached\nconversation hi story\, configuration files\, or environment variables can reveal highly s ensitive enterprise\ndata. DTSTAMP:20260514T113557Z LOCATION:Amphitheater 122 SUMMARY:ChainLeak: From AI Framework to Cloud Secrets - Gal Zaban\, Ido Sha ni URL:https://cfp.pass-the-salt.org/pts2026/talk/MPAYUX/ END:VEVENT END:VCALENDAR