{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/chatgptnextweb/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7177"}],"_cs_exploited":false,"_cs_products":["NextChat"],"_cs_severities":["medium"],"_cs_tags":["ssrf","cve-2026-7177","web-application"],"_cs_type":"advisory","_cs_vendors":["ChatGPTNextWeb"],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-7177, affects ChatGPTNextWeb NextChat up to version 2.16.1. The vulnerability resides within the \u003ccode\u003eproxyHandler\u003c/code\u003e function in the \u003ccode\u003eapp/api/[provider]/[...path]/route.ts\u003c/code\u003e file. Publicly available exploits demonstrate that a remote attacker can manipulate this function to make unauthorized requests to internal resources. The project maintainers were notified, but have not yet responded to the issue, increasing the risk of widespread exploitation. This vulnerability allows attackers to potentially access sensitive information or internal services that are not intended to be exposed to the internet.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a NextChat instance running a vulnerable version (\u0026lt;= 2.16.1).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eapp/api/[provider]/[...path]/route.ts\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request manipulates the \u003ccode\u003eproxyHandler\u003c/code\u003e function parameters.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eproxyHandler\u003c/code\u003e function, without proper validation, forwards the manipulated request to an internal server or resource.\u003c/li\u003e\n\u003cli\u003eThe internal server processes the request as if it originated from the NextChat server itself.\u003c/li\u003e\n\u003cli\u003eThe internal server returns the response to the NextChat server.\u003c/li\u003e\n\u003cli\u003eThe NextChat server forwards the response from the internal server back to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to potentially sensitive information or can interact with internal services due to the SSRF vulnerability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability allows attackers to potentially access internal resources, including sensitive data or internal services not intended for public access. While the CVSS score is 7.3 (HIGH), the impact is limited to information disclosure and limited modification/availability of resources. The number of affected instances is currently unknown. If successfully exploited, attackers could potentially use the compromised NextChat instance as a proxy to further compromise the internal network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eproxyHandler\u003c/code\u003e function within \u003ccode\u003eapp/api/[provider]/[...path]/route.ts\u003c/code\u003e to prevent malicious manipulation (Reference: CVE-2026-7177).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual requests targeting the \u003ccode\u003eapp/api\u003c/code\u003e endpoint with potentially malicious parameters (See example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to restrict access from the NextChat server to only necessary internal resources (General security best practice related to SSRF).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect exploitation attempts against NextChat instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T12:00:00Z","date_published":"2026-04-28T12:00:00Z","id":"/briefs/2026-04-nextchat-ssrf/","summary":"A server-side request forgery (SSRF) vulnerability in ChatGPTNextWeb NextChat up to version 2.16.1 allows remote attackers to manipulate the proxyHandler function, potentially leading to unauthorized internal resource access.","title":"ChatGPTNextWeb NextChat Server-Side Request Forgery Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-nextchat-ssrf/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7178"}],"_cs_exploited":true,"_cs_products":["NextChat"],"_cs_severities":["high"],"_cs_tags":["ssrf","cve","vulnerability","web-application"],"_cs_type":"threat","_cs_vendors":["ChatGPTNextWeb"],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-7178, affects ChatGPTNextWeb NextChat versions up to 2.16.1. The vulnerability resides in the \u003ccode\u003estoreUrl\u003c/code\u003e function within the \u003ccode\u003eapp/api/artifacts/route.ts\u003c/code\u003e file, specifically related to the Artifacts Endpoint component. An attacker can manipulate the \u003ccode\u003eID\u003c/code\u003e argument to force the server to make requests to arbitrary internal or external resources. This issue was reported to the project maintainers but remains unpatched. The availability of a public exploit increases the risk of active exploitation. This vulnerability allows attackers to bypass network access controls, potentially accessing sensitive data or internal services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an instance of ChatGPTNextWeb NextChat running a version up to 2.16.1.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/api/artifacts\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a manipulated \u003ccode\u003eID\u003c/code\u003e parameter within the request body or query string of the HTTP request to the \u003ccode\u003estoreUrl\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003estoreUrl\u003c/code\u003e function, lacking proper input validation, uses the attacker-supplied \u003ccode\u003eID\u003c/code\u003e to construct a URL.\u003c/li\u003e\n\u003cli\u003eThe NextChat server initiates an HTTP request to the attacker-controlled URL.\u003c/li\u003e\n\u003cli\u003eDepending on the crafted URL, the server may access internal resources, external websites, or cloud services.\u003c/li\u003e\n\u003cli\u003eThe server receives the response from the target resource.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the SSRF vulnerability to read sensitive internal data, interact with internal services, or potentially pivot to other internal systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7178 allows an attacker to perform unauthorized actions within the network where the NextChat server is deployed. This may include reading internal files, accessing other internal applications or services, or potentially escalating privileges if the targeted internal service has its own vulnerabilities. Given the publicly available exploit, organizations using vulnerable versions of NextChat are at increased risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ChatGPTNextWeb NextChat to a version greater than 2.16.1 to remediate CVE-2026-7178.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;NextChat SSRF Attempt\u0026rdquo; to detect suspicious requests to the \u003ccode\u003e/api/artifacts\u003c/code\u003e endpoint with potentially malicious \u003ccode\u003eID\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for outbound connections originating from the NextChat server to unusual or internal IP addresses and domains.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation on the \u003ccode\u003eID\u003c/code\u003e parameter of the \u003ccode\u003estoreUrl\u003c/code\u003e function if immediate patching is not possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-nextchat-ssrf/","summary":"ChatGPTNextWeb NextChat versions up to 2.16.1 are vulnerable to server-side request forgery (SSRF) due to improper input validation in the storeUrl function, allowing remote attackers to potentially access internal resources or conduct other malicious activities.","title":"ChatGPTNextWeb NextChat SSRF Vulnerability (CVE-2026-7178)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-nextchat-ssrf/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7644"}],"_cs_exploited":false,"_cs_products":["NextChat (\u003c= 2.16.1)"],"_cs_severities":["medium"],"_cs_tags":["authorization","cve-2026-7644","web-application"],"_cs_type":"advisory","_cs_vendors":["ChatGPTNextWeb"],"content_html":"\u003cp\u003eA vulnerability, CVE-2026-7644, affects ChatGPTNextWeb NextChat up to version 2.16.1. The flaw exists within the \u003ccode\u003eaddMcpServer\u003c/code\u003e function located in the \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e file. This vulnerability allows for improper authorization, potentially enabling unauthorized actions. The exploit has been publicly disclosed, increasing the risk of exploitation. The vendor was notified, but there has been no response as of the time of this writing. This vulnerability allows for remote exploitation, meaning an attacker does not need local access to the system to exploit it. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized access and potential data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a ChatGPTNextWeb NextChat instance running version 2.16.1 or earlier.\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted request to the \u003ccode\u003eaddMcpServer\u003c/code\u003e function in \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly authorize the request due to the vulnerability in \u003ccode\u003eaddMcpServer\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker bypasses authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully adds a malicious MCP server configuration.\u003c/li\u003e\n\u003cli\u003eThe application uses the malicious MCP server configuration, potentially leading to further unauthorized actions.\u003c/li\u003e\n\u003cli\u003eAttacker gains unauthorized access to sensitive data or functionality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7644 could lead to unauthorized access to a NextChat instance. An attacker could potentially manipulate MCP server configurations, leading to further compromise of the application and associated data. Since the exploit is publicly available, the risk of exploitation is significantly elevated, potentially affecting all unpatched instances of NextChat version 2.16.1 or earlier.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade ChatGPTNextWeb NextChat to a version higher than 2.16.1 to patch CVE-2026-7644.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting the \u003ccode\u003eaddMcpServer\u003c/code\u003e function in \u003ccode\u003eapp/mcp/actions.ts\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect unauthorized calls to the \u003ccode\u003eaddMcpServer\u003c/code\u003e function.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-nextchat-auth-bypass/","summary":"CVE-2026-7644 is an improper authorization vulnerability in the addMcpServer function of ChatGPTNextWeb NextChat version 2.16.1 and earlier, allowing for potential remote exploitation following public disclosure of the exploit.","title":"ChatGPTNextWeb NextChat Improper Authorization Vulnerability (CVE-2026-7644)","url":"https://feed.craftedsignal.io/briefs/2024-01-nextchat-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — ChatGPTNextWeb","version":"https://jsonfeed.org/version/1.1"}