CVE-2026-7177 | ChatGPTNextWeb NextChat up to 2.16.1 route.ts proxyHandler server-side request forgery (Issue 6742)

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in ChatGPTNextWeb NextChat up to 2.16.1. It has been declared as critical. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[…path]/route.ts. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-7177. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7177 | ChatGPTNextWeb NextChat up to 2.16.1 route.ts proxyHandler server-side request forgery (Issue 6742)

Post correlati

CVE-2025-24009 | Siemens SIRIUS Safety Relays 3SK2 permission assignment (ssa-222768)

CVE-2025-7564 | LB-LINK BL-AC3600 1.0.22 /etc/shadow hard-coded credentials

CVE-2024-12594 | All in One Custom Login Page Plugin up to 7.1.1 on WordPress authorization

CVE-2025-8804 | Open5GS up to 2.7.5 AMF ngap_build_downlink_nas_transport assertion (Issue 3950)