CVSS 7.3 · HIGH

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to version 2.16.1. The affected code is the function proxyHandler in the file app/api/[provider]/[...path]/route.ts. Manipulation of its input results in server-side request forgery. The attack can be carried out remotely. An exploit has been released to the public and may be used in attacks. The project was informed of the problem early through an issue report but has not responded yet.

View in NVD

Analysis

NextChat (ChatGPTNextWeb) versions up to 2.16.1 are vulnerable to Server-Side Request Forgery (SSRF) in the proxyHandler function. Because the handler forwards requests on behalf of the client, a remote attacker can potentially reach internal network resources through the server. A public exploit exists, and operators of this self-hosted UI should be aware that the project has not yet released an official patch.
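The structural mitigation for this class of bug in a `/api/[provider]/[...path]` proxy route is to derive the upstream host from a fixed per-provider table and forward only the path, so no request input can move the destination to another host. The following is an added TypeScript example written for this page, not code from NextChat; the provider names, base URLs and the `resolveUpstream` signature are assumptions.

```typescript
// Added example (not NextChat's code). Fixed per-provider upstream bases:
// the client chooses a provider name, never a host. URLs are assumptions.
const UPSTREAMS: Record<string, string> = {
  openai: "https://api.openai.com/",
  anthropic: "https://api.anthropic.com/",
};

type Resolved = { ok: true; url: string } | { ok: false; reason: string };

// Resolve the upstream URL for a request to /api/<provider>/<...path>[?query].
// Returns a rejection instead of an upstream URL whenever the input could
// change the destination origin (SSRF), e.g. an empty first segment that
// would turn the joined path into a protocol-relative "//host/..." reference.
function resolveUpstream(provider: string, pathSegments: string[], query = ""): Resolved {
  const base = UPSTREAMS[provider];
  if (!base) return { ok: false, reason: `unknown provider: ${provider}` };

  // Empty, "." and ".." segments have no legitimate meaning here; drop the request.
  for (const seg of pathSegments) {
    if (seg === "" || seg === "." || seg === "..") {
      return { ok: false, reason: "invalid path segment" };
    }
  }

  // Percent-encode each segment so "/", ":" or "@" inside a segment cannot
  // be reinterpreted as URL structure, then resolve against the fixed base.
  const target = new URL(pathSegments.map(encodeURIComponent).join("/"), base);
  if (query) target.search = query;

  // Defence in depth: the resolved origin must still be the allowlisted one.
  if (target.origin !== new URL(base).origin) {
    return { ok: false, reason: "resolved URL left the allowlisted origin" };
  }
  return { ok: true, url: target.toString() };
}

console.log(resolveUpstream("openai", ["v1", "models"]));
```

The real route handler would call `fetch(resolved.url, ...)` only on the `ok: true` branch and answer 400 otherwise.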

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-918

EPSS

Probability of exploitation (next 30 days): 0.0007 (0.1%)
Percentile: 20.3%
EPSS date: 2026-05-06

Affects

nextchat:nextchat

Published: 27/4/2026, 22:16:18
Last modified: 30/4/2026, 19:26:15
