Chainlit IDOR: Stealing AI Chat History via Socket.IO
Jan 15, 2026
Executive Summary (TL;DR)
Chainlit versions before 2.8.5 trust the client-provided `threadId` during the Socket.IO handshake without verifying ownership. If an attacker guesses or obtains a valid thread UUID, they can impersonate the thread owner, read chat history, and potentially manipulate the conversation state. The fix involves a mandatory ownership check during connection.
A classic Insecure Direct Object Reference (IDOR) vulnerability in Chainlit's Socket.IO connection handling allows authenticated users to hijack chat sessions and view sensitive history by simply supplying another user's thread ID.
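A minimal model of the flaw and of the ownership check described above, as an added example that is not Chainlit's code or its actual patch. `ThreadStore`, `connect_vulnerable`, `connect_checked` and `ConnectionRefused` are hypothetical names, and the authenticated user is assumed to come from the server-side session rather than from the handshake payload.

```python
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class Thread:
    thread_id: str
    owner_id: str
    history: tuple

class ThreadStore:
    """Hypothetical in-memory stand-in for the chat persistence layer."""
    def __init__(self):
        self._threads = {}
    def add(self, owner_id, history):
        tid = str(uuid.uuid4())
        self._threads[tid] = Thread(tid, owner_id, tuple(history))
        return tid
    def get(self, thread_id):
        return self._threads.get(thread_id)

class ConnectionRefused(Exception):
    """Raised to reject the handshake (hypothetical name)."""

def connect_vulnerable(store, session_user, auth):
    """'Before': the client-supplied threadId is trusted; session_user is ignored."""
    return store.get(auth.get("threadId"))

def connect_checked(store, session_user, auth):
    """'After': resume a thread only if the authenticated user owns it."""
    thread_id = auth.get("threadId")
    if thread_id is None:
        return None  # new conversation, nothing to resume
    try:
        thread_id = str(uuid.UUID(str(thread_id)))  # reject malformed ids, canonicalise
    except ValueError:
        raise ConnectionRefused("thread not available") from None
    thread = store.get(thread_id)
    # Same error for "missing" and "not yours", so the handshake is not an existence oracle.
    if thread is None or thread.owner_id != session_user:
        raise ConnectionRefused("thread not available")
    return thread

if __name__ == "__main__":
    store = ThreadStore()
    tid = store.add("alice", ["constructed sample message"])  # constructed data
    print("vulnerable:", connect_vulnerable(store, "bob", {"threadId": tid}).owner_id)
    try:
        connect_checked(store, "bob", {"threadId": tid})
    except ConnectionRefused as exc:
        print("checked:", exc)
```
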
Technical Appendix
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Chainlit | < 2.8.5 | 2.8.5 |

| Attribute | Detail |
|---|---|
| CWE | CWE-639: Authorization Bypass Through User-Controlled Key |
| CVSS v3.1 | 4.2 (Medium) |
| CVSS v4.0 | 2.3 (Low) |
| Attack Vector | Network (Socket.IO) |
| Attack Complexity | High (Requires guessing/stealing UUID) |
| Privileges Required | Low (Authenticated User) |
| Impact | Confidentiality & Integrity (Partial) |
MITRE ATT&CK Mapping
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying a key value identifying the data.