Vulnerabilities ›

CVE-2026-22664

High

CWE-918 — Weakness Type

                    Published: Apr 3, 2026                      ·  Modified: Apr 7, 2026                      ·  Source: NVD                

CVSS v3

7.7

🔗 NVD Official

📄 Description (English)

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL validation to disclose the FAL_API_KEY in the Authorization header, enabling credential theft, internal network probing, and abuse of the victim's Fal.ai account.

🤖 AI Executive Summary

CVE-2026-22664 is a server-side request forgery (SSRF) vulnerability in prompts.chat that allows authenticated users to perform arbitrary outbound requests and steal sensitive API credentials (FAL_API_KEY). The vulnerability affects Fal.ai media status polling functionality and lacks URL validation, enabling credential theft and internal network reconnaissance. With a CVSS score of 7.7, this poses a significant risk to organizations using prompts.chat for AI-powered applications.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 29, 2026 15:35

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations in fintech, government digital transformation initiatives, and AI-driven customer service platforms are at risk. Banking sector (SAMA-regulated entities) using prompts.chat for chatbot services face credential exposure and potential unauthorized access to Fal.ai resources. Government agencies (NCA oversight) leveraging AI tools for citizen services could experience data exfiltration. Telecom operators (STC, Mobily) and e-commerce platforms using this service for media processing are vulnerable to internal network probing and API key compromise.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Fintech and Payment Processing Telecommunications E-commerce and Retail Healthcare Energy and Utilities

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1589 - Gather Victim Identity Information T1590 - Gather Victim Network Information T1598 - Phishing for Information T1557 - Man-in-the-Middle T1040 - Network Sniffing T1021 - Remote Services T1552 - Unsecured Credentials T1552.007 - Credentials in Files T1526 - Scan IP Blocks

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Audit all instances of prompts.chat deployment and identify systems using Fal.ai media status polling

2. Rotate FAL_API_KEY credentials immediately and revoke compromised keys

3. Review access logs for suspicious outbound requests from prompts.chat instances

4. Restrict network egress from prompts.chat servers to only necessary Fal.ai endpoints



Patching Guidance:

1. Update to commit 30a8f04 or later when available

2. Monitor prompts.chat GitHub repository for security patches

3. Implement a temporary workaround by disabling media status polling if not critical



Compensating Controls:

1. Implement strict URL validation and whitelisting for all token parameters

2. Deploy Web Application Firewall (WAF) rules to block suspicious outbound requests

3. Use network segmentation to isolate prompts.chat from sensitive internal systems

4. Enable request logging and monitoring for all Fal.ai API calls

5. Implement API key rotation policies (30-day maximum)

6. Deploy SSRF detection rules: monitor for requests to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1, localhost)



Detection Rules:

1. Alert on Authorization header exposure in outbound requests

2. Monitor for requests to internal/private IP addresses from prompts.chat

3. Track unusual outbound connections from prompts.chat servers

4. Log all token parameter values for forensic analysis

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تدقيق جميع حالات نشر prompts.chat وتحديد الأنظمة التي تستخدم استقصاء حالة وسائط Fal.ai

2. تدوير بيانات اعتماد FAL_API_KEY فوراً وإلغاء المفاتيح المخترقة

3. مراجعة سجلات الوصول للطلبات الخارجية المريبة من حالات prompts.chat

4. تقييد الخروج من شبكة خوادم prompts.chat إلى نقاط نهاية Fal.ai الضرورية فقط

إرشادات التصحيح:

1. التحديث إلى الالتزام 30a8f04 أو أحدث عند توفره

2. مراقبة مستودع prompts.chat على GitHub للحصول على تصحيحات الأمان

3. تنفيذ حل مؤقت بتعطيل استقصاء حالة الوسائط إذا لم يكن حرجاً

الضوابط التعويضية:

1. تنفيذ التحقق الصارم من صحة عناوين URL والقوائم البيضاء لجميع معاملات الرموز

2. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحظر الطلبات الخارجية المريبة

3. استخدام تقسيم الشبكة لعزل prompts.chat عن الأنظمة الداخلية الحساسة

4. تفعيل تسجيل المراقبة لجميع استدعاءات API الخاصة بـ Fal.ai

5. تنفيذ سياسات تدوير مفاتيح API (30 يوماً كحد أقصى)

6. نشر قواعد كشف SSRF: مراقبة الطلبات إلى نطاقات IP الداخلية (10.0.0.0/8، 172.16.0.0/12، 192.168.0.0/16، 127.0.0.1، localhost)

قواعد الكشف:

1. تنبيه عند تعريض رأس Authorization في الطلبات الخارجية

2. مراقبة الطلبات إلى عناوين IP الداخلية/الخاصة من prompts.chat

3. تتبع الاتصالات الخارجية غير العادية من خوادم prompts.chat

4. تسجيل جميع قيم معاملات الرموز للتحليل الجنائي

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.2.1 - User Registration and Access Rights Management ECC 2024 A.6.1.2 - Segregation of Duties ECC 2024 A.8.2.1 - Classification of Information ECC 2024 A.8.2.3 - Handling of Assets ECC 2024 A.12.4.1 - Event Logging ECC 2024 A.12.4.3 - Administrator and Operator Logs ECC 2024 A.13.1.1 - Network Security Perimeter ECC 2024 A.13.1.3 - Segregation of Networks

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software Inventory SAMA CSF PR.AC-1 - Access Control Policy SAMA CSF PR.AC-4 - Access Rights Management SAMA CSF PR.DS-1 - Data Security Policy SAMA CSF DE.AE-1 - Anomalies and Events Detection SAMA CSF DE.CM-1 - Network Monitoring SAMA CSF RS.AN-1 - Characterization of Incident

🟡 ISO 27001:2022

ISO 27001:2022 A.5.1 - Policies for Information Security ISO 27001:2022 A.5.2 - Information Security Roles and Responsibilities ISO 27001:2022 A.6.1 - Screening ISO 27001:2022 A.8.1 - Asset Inventory ISO 27001:2022 A.8.2 - Ownership of Assets ISO 27001:2022 A.8.3 - Acceptable Use of Assets ISO 27001:2022 A.13.1 - Network Security ISO 27001:2022 A.13.2 - Information Transfer ISO 27001:2022 A.14.2 - Secure Development Policy

🟣 PCI DSS v4.0.1

PCI DSS 1.1 - Firewall Configuration Standards PCI DSS 2.1 - Default Security Parameters PCI DSS 6.2 - Security Patches PCI DSS 10.2 - User Access Logging PCI DSS 10.3 - Logging of Access to Audit Trails

🔗 References & Sources 3

🔗

https://gist.github.com/mdisec/27c0cac0ec6a8f3c8f85a18987ddb942

disclosure@vulncheck.com

🔗

https://github.com/f/prompts.chat/commit/30a8f0470e0ba45e6be9c9f55220f4a9a6b91c99

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/prompts-chat-ssrf-via-fal-ai-media-status-polling

disclosure@vulncheck.com

📊 CVSS Score

7.7

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.7

CWECWE-918

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-03

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-22664

💬 Comments

Introduce Yourself

Sign In Required