What is CVE-2026-22662?

CVE-2026-22662 is a medium-severity vulnerability in F Prompts.chat, classified under Server-Side Request Forgery (SSRF). CVSS score: 4.3/10. Published 2026-04-03.

How severe is CVE-2026-22662?

Medium severity. CVSS v3 base score is 4.3 out of 10.

SSRF in F Prompts.chat

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attacke…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

F Prompts.chat — versions 0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

github.com/f/prompts.chat/pull/1102 (issue-tracking)
github.com/f/prompts.chat/commit/1464475df2698fb7ccd0cdbc382b0750466f891d (patch)
www.vulncheck.com/advisories/prompts-chat-blind-ssrf-via-media-generate (third-party-advisory)

Frequently asked questions

What is CVE-2026-22662?: CVE-2026-22662 is a medium-severity vulnerability in F Prompts.chat, classified under Server-Side Request Forgery (SSRF). CVSS score: 4.3/10. Published 2026-04-03.
How severe is CVE-2026-22662?: Medium severity. CVSS v3 base score is 4.3 out of 10.