CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been r...

high 7.3 CVSS 3.1

Published: Apr 27, 2026

Modified: Apr 30, 2026

Vendor: Nextchat

Product: Nextchat

Versions: 2.16.0,2.16.1

Description

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	7.3 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weakness (CWE)

CWE-918

Affected Product

Vendor	Nextchat
Product	Nextchat
Versions	2.16.0,2.16.1