CVE-2026-7178 | ChatGPTNextWeb NextChat up to 2.16.1 Artifacts Endpoint route.ts storeUrl ID server-side request forgery (Issue 6741)

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in ChatGPTNextWeb NextChat up to 2.16.1. It has been rated as critical. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery.

The identification of this vulnerability is CVE-2026-7178. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7178 | ChatGPTNextWeb NextChat up to 2.16.1 Artifacts Endpoint route.ts storeUrl ID server-side request forgery (Issue 6741)

Post correlati

CVE-2025-52616 | HCL Unica up to 12.1.10 exposure of sensitive system information to an unauthorized control sphere (KB0124230)

CVE-2025-9918 | Google SecOps SOAR prior 6.3.53.2/6.3.54.0 ZIP Archive path traversal (gcp-2025-049)

CVE-2024-40944 | Linux Kernel up to 6.6.34/6.9.5 cc_platform_has denial of service (d91ddd050826/2cfb464669b6/93c1800b3799)

CVE-2024-3034 | BackUpWordPress Plugin up to 3.13 on WordPress path traversal