Description

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.

INFO

Published Date :

2026-04-03T20:27:25.037Z

Last Modified :

2026-04-06T13:10:30.995Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22663 vulnerability.

Vendors Products
F
  • Prompts.chat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22663.

URL Resource
https://github.com/f/prompts.chat/commit/7b81836b214f2796aaf37ded2944eadc978afd35 cve-icon cve-icon
https://github.com/f/prompts.chat/pull/1104 cve-icon cve-icon
https://www.vulncheck.com/advisories/prompts-chat-authorization-bypass-information-disclosure cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact