Description
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑Side Request Forgery (SSRF)
Action: Patch
AI Analysis

Impact

The vulnerability is a server-side request forgery flaw in the storeUrl function of the Artifacts Endpoint route (app/api/artifacts/route.ts): a crafted ID argument causes the server to issue an outgoing HTTP request to an attacker-chosen URL. The weakness is CWE-918 (Server-Side Request Forgery), in which untrusted input determines the destination of a request the server makes on its own behalf. An attacker can therefore use the NextChat server as a proxy to reach internal resources, cloud metadata services, or external hosts that trust the server's network position. The CVSS v4 vector rates the confidentiality, integrity and availability impact on the vulnerable system itself as low (VC:L/VI:L/VA:L) with no subsequent-system impact scored; the practical blast radius depends on what the server can reach from where it is deployed.

Affected Systems

ChatGPTNextWeb NextChat, versions up to and including 2.16.1 (the NVD CPE entries list 2.16.0 and 2.16.1). The issue is confined to the artifacts API endpoint and affects every deployment that exposes the default storeUrl code path without additional safeguards.

Risk and Exploitability

The CVSS v4 score of 6.9 rates the vulnerability Medium, but the public availability of an exploit and the absence of a vendor fix raise the practical risk for exposed instances. The EPSS score is below 1% (Very Low) and the vulnerability is not listed in CISA KEV, yet the attack is remote and needs no privileges or user interaction (AV:N/PR:N/UI:N), and the SSVC assessment marks it Automatable with proof-of-concept exploitation. Administrators should treat it as a high-priority issue until a corrective release is available.

Generated by OpenCVE AI on April 28, 2026 at 19:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NextChat to the latest released version once the vendor fixes the SSRF flaw.
  • If an upgrade is not possible, disable or remove the Artifacts Endpoint route and eliminate the storeUrl functionality from the API surface.
  • Apply egress filtering (host firewall, network policy, or an outbound proxy) so the application cannot reach loopback, RFC 1918 ranges, link-local 169.254.0.0/16 (cloud metadata endpoints), or other internal services it has no business contacting; this bounds what an SSRF can reach even before a fix is applied.

Generated by OpenCVE AI on April 28, 2026 at 19:38 UTC.
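The following TypeScript is an added example, not code from the NextChat project (the actual storeUrl implementation is not shown on this page). It assumes a hypothetical base URL ARTIFACT_BASE and helper names of its own. It shows the SSRF pattern the Impact section describes, an untrusted id resolved into a server-side request URL, beside a hardened builder and the egress guard the recommended actions call for.

```typescript
// Added example, not NextChat's code: shows how an untrusted artifact id that is
// resolved against a base URL can redirect a server-side fetch (the SSRF pattern
// CVE-2026-7178 describes for storeUrl), and a hardened builder plus an egress
// guard. ARTIFACT_BASE and all function names are assumptions for illustration.

const ARTIFACT_BASE = "https://artifacts.example.internal/api/artifacts/";

// Naive builder: resolving the raw id against the base lets an absolute URL,
// a protocol-relative URL (//host/...) or a traversal (../) escape the base.
function naiveStoreUrl(id: string): string {
  return new URL(id, ARTIFACT_BASE).toString();
}

// Hardened builder: restrict the id to an opaque token, append it as one
// percent-encoded path segment, then re-check origin and path prefix so a
// future change to ARTIFACT_BASE cannot silently reopen the hole.
function safeStoreUrl(id: string): string {
  if (!/^[A-Za-z0-9_-]{1,128}$/.test(id)) {
    throw new Error("invalid artifact id");
  }
  const base = new URL(ARTIFACT_BASE);
  const target = new URL(encodeURIComponent(id), base);
  if (target.origin !== base.origin || !target.pathname.startsWith(base.pathname)) {
    throw new Error("artifact URL escaped the configured base");
  }
  return target.toString();
}

// Egress guard for the host an outbound request will actually hit. Catches
// loopback, RFC 1918, link-local (cloud metadata at 169.254.169.254), 0.0.0.0
// and IPv6 loopback when given as literals. Hostnames that are not IP literals
// must be resolved and the resolved address re-checked (DNS rebinding) before
// connecting; that resolution step is outside this offline example.
function isForbiddenHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1" || h === "metadata.google.internal") {
    return true;
  }
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) {
    return false;
  }
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 ||
    a === 10 ||
    a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// Combined check a route handler would run before fetching: build the URL with
// the hardened builder and refuse to contact a forbidden host.
function resolveArtifactFetchTarget(id: string): string {
  const url = safeStoreUrl(id);
  if (isForbiddenHost(new URL(url).hostname)) {
    throw new Error("outbound request to forbidden host blocked");
  }
  return url;
}

// Constructed inputs showing the three escape routes the naive builder allows:
// absolute URL to the cloud metadata service, protocol-relative host swap,
// and path traversal out of the artifacts prefix.
function naiveEscapes(): string[] {
  return [
    naiveStoreUrl("http://169.254.169.254/latest/meta-data/"),
    naiveStoreUrl("//evil.example/collect"),
    naiveStoreUrl("../../admin"),
  ];
}
```

The character whitelist on the id does most of the work; the origin and path-prefix re-check after URL construction is defence in depth against a later refactor that loosens the pattern, and the host guard is what the egress-filtering recommendation looks like in application code when a network-level control is not yet in place.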

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 19:30:00 +0000

Type | Values removed | Values added
First Time appeared | (none) | Nextchat; Nextchat nextchat
CPEs | (none) | cpe:2.3:a:nextchat:nextchat:2.16.0:*:*:*:*:*:*:*; cpe:2.3:a:nextchat:nextchat:2.16.1:*:*:*:*:*:*:*
Vendors & Products | (none) | Nextchat; Nextchat nextchat

Tue, 28 Apr 2026 14:15:00 +0000

Type | Values removed | Values added
Metrics | (none) | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type | Values removed | Values added
First Time appeared | (none) | Chatgptnextweb; Chatgptnextweb nextchat
Vendors & Products | (none) | Chatgptnextweb; Chatgptnextweb nextchat

Mon, 27 Apr 2026 22:15:00 +0000

Type | Values removed | Values added
Description | (none) | A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title | (none) | ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery
Weaknesses | (none) | CWE-918
References | (none) | (none listed)
Metrics | (none) | the four CVSS entries below
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:01:44.043Z

Reserved: 2026-04-27T08:16:05.917Z

Link: CVE-2026-7178

Vulnrichment

Updated: 2026-04-28T14:01:39.270Z

NVD

Status : Analyzed

Published: 2026-04-27T22:16:19.050

Modified: 2026-04-30T19:26:52.517

Link: CVE-2026-7178

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:45:07Z

Weaknesses