{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7177", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-27T08:15:58.463Z", "datePublished": "2026-04-27T21:45:15.349Z", "dateUpdated": "2026-04-28T14:47:57.952Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T21:45:15.349Z"}, "title": "ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "ChatGPTNextWeb", "product": "NextChat", "versions": [{"version": "2.16.0", "status": "affected"}, {"version": "2.16.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-27T10:21:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-b (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359779", "name": "VDB-359779 | ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359779/cti", "name": "VDB-359779 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797645", "name": "Submit #797645 | nextchat <= 2.16.1 Server-Side Request Forgery / SSRF (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6742", "tags": ["issue-tracking"]}, {"url": "https://gist.github.com/YLChen-007/da6b00024f5b7e1d4fa0658c19b77fbf", "tags": ["exploit"]}, {"url": "https://github.com/ChatGPTNextWeb/NextChat/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T14:47:49.679157Z", "id": "CVE-2026-7177", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:47:57.952Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7177", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T14:47:49.679157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:47:54.698Z"}}], "cna": {"title": "ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-b (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "ChatGPTNextWeb", "product": "NextChat", "versions": [{"status": "affected", "version": "2.16.0"}, {"status": "affected", "version": "2.16.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-27T10:21:11.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359779", "name": "VDB-359779 | ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359779/cti", "name": "VDB-359779 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797645", "name": "Submit #797645 | nextchat <= 2.16.1 Server-Side Request Forgery / SSRF (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6742", "tags": ["issue-tracking"]}, {"url": "https://gist.github.com/YLChen-007/da6b00024f5b7e1d4fa0658c19b77fbf", "tags": ["exploit"]}, {"url": "https://github.com/ChatGPTNextWeb/NextChat/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T21:45:15.349Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7177", "state": "PUBLISHED", "dateUpdated": "2026-04-28T14:47:57.952Z", "dateReserved": "2026-04-27T08:15:58.463Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-27T21:45:15.349Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextchat:nextchat:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9914C8A-D623-470F-AB08-22AB34A87D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextchat:nextchat:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "C07942DD-696B-4AE6-BD2F-87ECBF749E92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-7177", "lastModified": "2026-04-30T19:26:15.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-27T22:16:18.860", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/YLChen-007/da6b00024f5b7e1d4fa0658c19b77fbf"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/ChatGPTNextWeb/NextChat/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6742"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vuldb.com/submit/797645"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/359779"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/vuln/359779/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.16.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.16.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "NextChat", "source": "cna", "vendor": "ChatGPTNextWeb"}, "product": "nextchat", "vendor": "chatgptnextweb"}], "analysis": {"en": {"generated_at": "2026-04-28T19:39:18.094282+00:00", "value": {"mitigation_remediation": ["Apply the latest patch or upgrade to a version of NextChat that removes the vulnerable proxyHandler (e.g., 2.16.2 or newer).", "If an upgrade is not immediately possible, impose network restrictions that block outbound requests from the NextChat process, limiting connectivity to a whitelist of approved domains.", "If code changes are not feasible, configure the application to validate requested URLs against an approved whitelist and reject any hostnames or IP addresses not explicitly allowed, thereby preventing the server from initiating requests to internal or disallowed destinations."], "summary": {"action": "Immediate Patch", "impact": "Server-side request forgery"}, "threat_synthesis": {"affected_systems": "The affected product is ChatGPTNextWeb\u2019s NextChat application, specifically releases up to and including 2.16.1. No other versions are confirmed, and the project has released the source on GitHub at https://github.com/ChatGPTNextWeb/NextChat; the source files indicate the vulnerability is tied to the proxyHandler route. Organizations running this application should verify that their deployed version is not 2.16.1 or older, or that they have applied a patch that removes the insecure handler.", "description_and_impact": "NextChat in ChatGPTNextWeb, up to version 2.16.1, contains a flaw in the proxyHandler function located in app/api/[provider]/[...path]/route.ts. The vulnerability allows an attacker to manipulate the function so that the server performs HTTP requests to arbitrary destinations. This remote exploitation grants the attacker the ability to reach internal network resources, exfiltrate data, or use the server as a proxy to attack other systems. The weakness is identified as CWE\u2011918 and results in a moderate CVSS score of 6.9.", "risk_and_exploitability": "The exploit is available publicly and can be performed from a remote location. Although the EPSS score is not provided, the CVSS score reflects a moderate risk. The vulnerability is not listed in the CISA KEV catalog, indicating it has not yet been catalogued as a widely known exploit at the time of this assessment. Attackers can target exposed NextChat endpoints to force outbound requests, potentially accessing internal or public resources. No specific authentication or privilege requirements are mentioned, implying that unauthenticated remote access to the affected route would be sufficient. The best\u2011effort mitigation involves applying the latest version that removes the vulnerable code or otherwise restricting outbound connectivity from the application."}}}}, "created": "2026-04-28T09:16:51.244170+00:00", "updated": "2026-04-28T19:45:07.602930+00:00", "vendors": ["chatgptnextweb", "chatgptnextweb$PRODUCT$nextchat"]}