{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5633/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5633"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","cve-2026-5633","gpt-researcher"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-5633, affects assafelovic\u0026rsquo;s gpt-researcher version 3.4.3 and earlier. The vulnerability resides within the ws Endpoint component and is triggered by manipulating the \u003ccode\u003esource_urls\u003c/code\u003e argument. This flaw allows a remote attacker to potentially force the application to make requests to arbitrary internal or external resources. A publicly disclosed exploit exists, increasing the risk of exploitation. The developers were notified through an issue report, but have not yet responded. This vulnerability is a significant concern for organizations using gpt-researcher, as it can lead to sensitive data exposure or further attacks originating from the application\u0026rsquo;s server.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a gpt-researcher instance running version 3.4.3 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request containing a manipulated \u003ccode\u003esource_urls\u003c/code\u003e argument. This URL points to an internal resource or an external server controlled by the attacker.\u003c/li\u003e\n\u003cli\u003eThe gpt-researcher application, specifically the ws Endpoint component, processes the request without proper validation of the \u003ccode\u003esource_urls\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application initiates a request to the attacker-specified URL, effectively acting as a proxy.\u003c/li\u003e\n\u003cli\u003eIf the URL points to an internal resource, the attacker gains access to potentially sensitive data or internal services not intended for public access.\u003c/li\u003e\n\u003cli\u003eIf the URL points to an external server controlled by the attacker, the server receives the request, revealing information about the gpt-researcher instance, such as its IP address.\u003c/li\u003e\n\u003cli\u003eThe attacker can then leverage this information to further compromise the server or the network it resides on, potentially leading to lateral movement or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5633 can allow an attacker to perform actions they are not authorized to do. This includes reading internal data, accessing internal services, or using the vulnerable server as a proxy for further attacks. While the exact number of victims is unknown, any organization using a vulnerable version of gpt-researcher is at risk. The consequences of a successful SSRF attack can range from information disclosure to full server compromise, depending on the internal resources accessible to the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server access logs for requests containing suspicious URLs in the \u003ccode\u003esource_urls\u003c/code\u003e parameter that point to internal or unexpected external resources. This can aid in detecting ongoing exploitation attempts (logsource: webserver, product: linux/windows).\u003c/li\u003e\n\u003cli\u003eApply input validation to the \u003ccode\u003esource_urls\u003c/code\u003e parameter to ensure that the application only makes requests to authorized and expected resources.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from the gpt-researcher server for unusual outbound traffic to internal or external IP addresses (logsource: network_connection, product: windows/linux).\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect potential SSRF attempts by monitoring for suspicious URL patterns in web server logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T08:16:39Z","date_published":"2026-04-06T08:16:39Z","id":"/briefs/2026-04-gpt-researcher-ssrf/","summary":"A server-side request forgery (SSRF) vulnerability exists in assafelovic gpt-researcher up to version 3.4.3, affecting the ws Endpoint component, allowing a remote attacker to manipulate the source_urls argument and potentially access internal resources or conduct further attacks.","title":"GPT Researcher Server-Side Request Forgery Vulnerability (CVE-2026-5633)","url":"https://feed.craftedsignal.io/briefs/2026-04-gpt-researcher-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5633","version":"https://jsonfeed.org/version/1.1"}