CVE-2026-7177 | ChatGPTNextWeb NextChat up to 2.16.1 route.ts proxyHandler server-side request forgery (Issue 6742)

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in ChatGPTNextWeb NextChat up to 2.16.1. It has been declared as critical. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[…path]/route.ts. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-7177. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7177 | ChatGPTNextWeb NextChat up to 2.16.1 route.ts proxyHandler server-side request forgery (Issue 6742)

Post correlati

CVE-2023-6830 | Formidable Forms Plugin up to 6.7 on WordPress cross site scripting

CVE-2024-2308 | Elementvader Addons for Elementor Plugin up to 1.2.2 on WordPress cross site scripting

CVE-2025-62330 | HCL DevOps Deploy cleartext transmission (KB0127333)

CVE-2025-12817 | PostgreSQL up to 18.0 CREATE STATISTICS Command authorization