Cyber Resilience

CVE-2026-22663

Severity: High · Public PoC

Published: 03 April 2026
Modified: 13 April 2026
CVSS v4.0 score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0028 (19.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22663 is a high-severity Missing Authorization (CWE-862) vulnerability in Fka Prompts.Chat. Its CVSS v4.0 base score is 8.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score ranks it at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-22663 covers multiple authorization bypass vulnerabilities (CWE-862) in prompts.chat prior to commit 7b81836. The issues stem from missing isPrivate checks in several API endpoints and in page metadata generation, allowing unauthorized access to sensitive data tied to private prompts. Published on 2026-04-03 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), it has a high confidentiality impact and requires no privileges, user interaction, or scope change.

Attackers with network access can exploit these flaws as unauthenticated users to retrieve private prompt data: version history, change requests, examples, current content, and metadata such as titles and descriptions leaked through HTML meta tags. Because no privileges or user interaction are needed, remote adversaries can readily enumerate and extract sensitive information from private resources across the application.

Mitigation involves updating to commit 7b81836, as detailed in the project's GitHub commit and pull request #1104. The VulnCheck advisory provides further analysis of the authorization bypass and information disclosure risks and recommends verifying isPrivate enforcement in the affected endpoints.
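As an added illustration (not prompts.chat's own code; the page does not describe its stack), a small JavaScript model of this defect class: a prompt lookup that ignores isPrivate, next to a hardened version that routes every prompt-derived response, including the HTML metadata, through one authorization predicate. All function names and sample data are hypothetical.

```javascript
// Added example, not code from prompts.chat. Names and data are hypothetical.
// Constructed sample store: one public and one private prompt.
const PROMPTS = new Map([
  ["p1", { id: "p1", ownerId: "alice", isPrivate: false, title: "Public prompt",
           description: "Visible to everyone", content: "Summarise this text",
           versions: ["v1", "v2"] }],
  ["p2", { id: "p2", ownerId: "alice", isPrivate: true, title: "Secret launch plan",
           description: "Internal only", content: "Draft the Q3 announcement",
           versions: ["v1"] }],
]);

// Vulnerable pattern: the handler looks the prompt up by id and returns it
// without ever consulting isPrivate, so any caller who supplies an id gets
// the private content and its version history.
function getPromptUnchecked(promptId) {
  const prompt = PROMPTS.get(promptId);
  return prompt ? { status: 200, body: prompt } : { status: 404, body: null };
}

// Hardened pattern: one authorization predicate shared by every endpoint that
// touches prompt data. viewerId is null for unauthenticated requests.
function canViewPrompt(prompt, viewerId) {
  if (!prompt.isPrivate) return true;
  return viewerId !== null && viewerId === prompt.ownerId;
}

// 404 rather than 403 for private prompts the viewer may not see, so the
// response does not confirm that the id exists.
function getPromptForViewer(promptId, viewerId) {
  const prompt = PROMPTS.get(promptId);
  if (!prompt || !canViewPrompt(prompt, viewerId)) return { status: 404, body: null };
  return { status: 200, body: prompt };
}

// Sub-resources (version history here; change requests and examples would
// follow the same shape) must check the parent prompt, not just exist.
function getPromptVersions(promptId, viewerId) {
  const prompt = PROMPTS.get(promptId);
  if (!prompt || !canViewPrompt(prompt, viewerId)) return { status: 404, body: null };
  return { status: 200, body: prompt.versions };
}

// Page metadata (HTML <meta> tags) goes through the same predicate, so a
// private prompt's title and description never reach an unauthorized viewer.
function buildPageMetadata(promptId, viewerId) {
  const prompt = PROMPTS.get(promptId);
  if (!prompt || !canViewPrompt(prompt, viewerId)) {
    return { title: "Prompt not found", description: "" };
  }
  return { title: prompt.title, description: prompt.description };
}
```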


Vulnerability details

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.

CWE(s): CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

An authorization bypass in a public-facing web application directly enables remote unauthenticated access to private data, which is T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22665 (same product: Fka Prompts.Chat)
CVE-2026-22661 (same product: Fka Prompts.Chat)
CVE-2026-22664 (same product: Fka Prompts.Chat)
CVE-2025-69311 (shared CWE-862)
CVE-2026-3266 (shared CWE-862)
CVE-2026-45438 (shared CWE-862)
CVE-2025-23477 (shared CWE-862)
CVE-2025-68834 (shared CWE-862)
CVE-2024-12544 (shared CWE-862)
CVE-2024-50967 (shared CWE-862)

Affected Assets

Vendor: fka · Product: prompts.chat · Affected: ≤ 2026-03-25

Mitigating Controls (NIST 800-53 r5)

prevent (AC-3 Access Enforcement): Enforces approved authorizations for logical access to private prompt data, directly addressing the missing isPrivate checks in API endpoints and page metadata generation.

prevent (AC-22 Publicly Accessible Content): Ensures publicly accessible content such as HTML meta tags does not expose unauthorized private prompt metadata, titles, and descriptions.

detect: Monitors system components for unauthorized disclosures of sensitive private prompt data such as version history and content.
