CVE-2026-7177
🟡 Monitoruj
Wykryta podatność w ChatGPTNextWeb umożliwia zdalne ataki typu server-side request forgery.
CVSS
7.3
EPSS
0.1%
Exploit
poc
Vendor
nextchat
Opis źródłowy (NVD)
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
exploit ssrf
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.1% |
| Opublikowano (NVD) | 2026-04-27 22:16:18 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-30 19:26:15 UTC |
Referencje
- https://gist.github.com/YLChen-007/da6b00024f5b7e1d4fa0658c19b77fbf (cna@vuldb.com) [Exploit, Third Party Advisory]
- https://github.com/ChatGPTNextWeb/NextChat/ (cna@vuldb.com) [Product]
- https://github.com/ChatGPTNextWeb/NextChat/issues/6742 (cna@vuldb.com) [Issue Tracking]
- https://vuldb.com/submit/797645 (cna@vuldb.com) [Exploit, Third Party Advisory]
- https://vuldb.com/vuln/359779 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359779/cti (cna@vuldb.com) [Permissions Required]