Description
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server-side request forgery
Action: Immediate Patch
AI Analysis

Impact

ChatGPTNextWeb's NextChat, up to and including version 2.16.1, contains a flaw in the proxyHandler function in app/api/[provider]/[...path]/route.ts. The vulnerability allows an attacker to manipulate the handler so that the server performs HTTP requests to attacker-chosen destinations. Because it is exploitable remotely, an attacker can reach internal network resources, exfiltrate data, or use the server as a proxy to attack other systems. The weakness is classified as CWE-918 and carries a moderate CVSS score of 6.9.

Affected Systems

The affected product is ChatGPTNextWeb’s NextChat application, specifically releases up to and including 2.16.1. No other versions are confirmed, and the project has released the source on GitHub at https://github.com/ChatGPTNextWeb/NextChat; the source files indicate the vulnerability is tied to the proxyHandler route. Organizations running this application should verify that their deployed version is not 2.16.1 or older, or that they have applied a patch that removes the insecure handler.

Risk and Exploitability

The exploit is available publicly and can be performed from a remote location. Although the EPSS score is not provided, the CVSS score reflects a moderate risk. The vulnerability is not listed in the CISA KEV catalog, indicating it had not yet been catalogued as a widely exploited flaw at the time of this assessment. Attackers can target exposed NextChat endpoints to force outbound requests, potentially reaching internal or public resources. No authentication or privilege requirements are mentioned, implying that unauthenticated remote access to the affected route is sufficient. The best-effort mitigation is to apply the latest version that removes the vulnerable code, or otherwise to restrict outbound connectivity from the application.

Generated by OpenCVE AI on April 28, 2026 at 19:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade to a version of NextChat that removes the vulnerable proxyHandler (e.g., 2.16.2 or newer).
  • If an upgrade is not immediately possible, impose network restrictions that block outbound requests from the NextChat process, limiting connectivity to a whitelist of approved domains.
  • If code changes are not feasible, configure the application to validate requested URLs against an approved whitelist and reject any hostnames or IP addresses not explicitly allowed, thereby preventing the server from initiating requests to internal or disallowed destinations.
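One way to implement the URL allowlist check from the third action, as an added TypeScript example that is not NextChat's own code (the allowlist contents and the names isAllowedUpstream, isPrivateIPv4 and parseTarget are assumed for illustration):

```typescript
// Constructed allowlist of the upstream provider hosts a deployment actually uses.
// Exact hostname matches only; no suffix or substring matching.
const ALLOWED_UPSTREAM_HOSTS: ReadonlySet<string> = new Set([
  "api.openai.com",
  "api.anthropic.com",
]);

// Parse with the WHATWG URL parser so that hostname normalisation
// (case, encoded forms of IPv4 literals) happens before any check.
function parseTarget(target: string): URL | null {
  try { return new URL(target); } catch { return null; }
}

// True when `hostname` is a dotted-quad IPv4 literal in loopback, link-local
// or RFC 1918 space. Non-literal hostnames return false and are decided by
// the allowlist alone.
function isPrivateIPv4(hostname: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(hostname);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Decide whether a proxy handler may forward to `target`. Deny by default:
// only https URLs whose hostname is exactly on the allowlist pass.
function isAllowedUpstream(target: string): boolean {
  const url = parseTarget(target);
  if (url === null) return false;                        // unparsable -> deny
  if (url.protocol !== "https:") return false;           // no http:, file:, etc.
  if (url.username || url.password) return false;        // no credentials in URL
  const host = url.hostname.toLowerCase();
  if (host.startsWith("[")) return false;                // IPv6 literals -> deny
  if (isPrivateIPv4(host)) return false;                 // defence in depth
  return ALLOWED_UPSTREAM_HOSTS.has(host);
}
```

The private-range check is redundant with an exact-match allowlist but keeps the handler safe if the allowlist is later loosened to pattern matching.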

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 19:30:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Nextchat
                                        Nextchat nextchat
CPEs                                    cpe:2.3:a:nextchat:nextchat:2.16.0:*:*:*:*:*:*:*
                                        cpe:2.3:a:nextchat:nextchat:2.16.1:*:*:*:*:*:*:*
Vendors & Products                      Nextchat
                                        Nextchat nextchat

Wed, 29 Apr 2026 00:30:00 +0000

Type                  Values Removed    Values Added
Metrics                                 ssvc
                                        {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 09:45:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Chatgptnextweb
                                        Chatgptnextweb nextchat
Vendors & Products                      Chatgptnextweb
                                        Chatgptnextweb nextchat

Mon, 27 Apr 2026 22:00:00 +0000

Type                  Values Removed    Values Added
Description                             A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title                                   ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery
Weaknesses                              CWE-918
References
Metrics                                 cvssV2_0
                                        {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
                                        cvssV3_0
                                        {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                                        cvssV3_1
                                        {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                                        cvssV4_0
                                        {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:47:57.952Z

Reserved: 2026-04-27T08:15:58.463Z

Link: CVE-2026-7177

Vulnrichment

Updated: 2026-04-28T14:47:54.698Z

NVD

Status : Analyzed

Published: 2026-04-27T22:16:18.860

Modified: 2026-04-30T19:26:15.120

Link: CVE-2026-7177

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:45:07Z

Weaknesses