prompts.chat SSRF via Fal.ai Media Status Polling

Advisories

prompts.chat SSRF via Fal.ai Media Status Polling

severity: high
date: 4/3/2026
Affecting: prompts.chat < commit 30a8f04
CVE: CVE-2026-22664
CWE: CWE-918 Server-Side Request Forgery (SSRF)
CVSS: 7.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: GitHub Gist
Patch Commit
Credit: Mehmet Ince @mdisec
Description: prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo