CVSS 7.3 · HIGH

CVE-2026-7178

Analysis

ChatGPTNextWeb (NextChat) versions up to 2.16.1 are vulnerable to Server-Side Request Forgery (SSRF) in the Artifacts Endpoint. If you self-host this tool, remote attackers can use your server to probe internal network services or access cloud metadata. A public exploit exists and the project has not yet released a fix, so extra caution is advised when exposing this service.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-918

EPSS

Probability of exploitation (next 30 days): 0.0007 (0.1%)
Percentile: 20.3%
EPSS: 2026-05-06

Affects

nextchat:nextchat

Technical description

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. Manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Published: 4/27/2026, 10:16:19 PM
Last modified: 4/30/2026, 7:26:52 PM
