
Description

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. It affects the function storeUrl in the file app/api/artifacts/route.ts of the Artifacts Endpoint component. Manipulating the argument ID causes server-side request forgery. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-04-27 | Published 2026-04-27 | Updated 2026-04-28 | Assigner VulDB




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
HIGH: 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
HIGH: 7.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Server-Side Request Forgery

Product status

2.16.0: affected
2.16.1: affected

Timeline

2026-04-27: Advisory disclosed
2026-04-27: VulDB entry created
2026-04-27: VulDB entry last update

Credits

Eric-b (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/359780 (VDB-359780 | ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery) vdb-entry technical-description

vuldb.com/vuln/359780/cti (VDB-359780 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/submit/797646 (Submit #797646 | nextchat <= 2.16.1 Server-Side Request Forgery (CWE-918) / Path Traversal (CWE-22)) third-party-advisory

github.com/ChatGPTNextWeb/NextChat/issues/6741 issue-tracking

gist.github.com/YLChen-007/43252d45d75e8bdd2d45136fd6ffe8a5 exploit

github.com/ChatGPTNextWeb/NextChat/ product

cve.org (CVE-2026-7178)

nvd.nist.gov (CVE-2026-7178)
