CVE-2026-22662
Blind SSRF in prompts.chat Wiro Media Generator Enables Data Exfiltration
Publication date: 2026-04-03
Last updated on: 2026-04-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fka | prompts.chat | to 2026-03-24 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in prompts.chat prior to commit 1464475 within the Wiro media generator component. It is a blind server-side request forgery (SSRF) vulnerability that allows authenticated users to make the server perform fetches based on user-controlled inputImageUrl parameters.
Attackers can exploit this by sending POST requests to the /api/media-generate endpoint, which enables them to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to use authenticated access to make the server fetch arbitrary URLs, potentially probing internal network resources that are not normally accessible externally.
Such exploitation can lead to unauthorized access to internal services and data exfiltration, which may compromise sensitive information and internal infrastructure security.