https://feed.craftedsignal.io/vendors/chatgptnextweb/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 28 Apr 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-04-nextchat-ssrf/Tue, 28 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-nextchat-ssrf/A server-side request forgery (SSRF) vulnerability in ChatGPTNextWeb NextChat up to version 2.16.1 allows remote attackers to manipulate the proxyHandler function, potentially leading to unauthorized internal resource access.A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-7177, affects ChatGPTNextWeb NextChat up to version 2.16.1. The vulnerability resides within the proxyHandler function in the app/api/[provider]/[...path]/route.ts file. Publicly available exploits demonstrate that a remote attacker can manipulate this function to make unauthorized requests to internal resources. The project maintainers were notified, but have not yet responded to the issue, increasing the risk of widespread exploitation. This vulnerability allows attackers to potentially access sensitive information or internal services that are not intended to be exposed to the internet.

Attack Chain

1. An attacker identifies a NextChat instance running a vulnerable version (<= 2.16.1).
2. The attacker crafts a malicious HTTP request targeting the app/api/[provider]/[...path]/route.ts endpoint.
3. The crafted request manipulates the proxyHandler function parameters.
4. The proxyHandler function, without proper validation, forwards the manipulated request to an internal server or resource.
5. The internal server processes the request as if it originated from the NextChat server itself.
6. The internal server returns the response to the NextChat server.
7. The NextChat server forwards the response from the internal server back to the attacker.
8. The attacker gains access to potentially sensitive information or can interact with internal services due to the SSRF vulnerability.

Impact

Successful exploitation of this SSRF vulnerability allows attackers to potentially access internal resources, including sensitive data or internal services not intended for public access. While the CVSS score is 7.3 (HIGH), the impact is limited to information disclosure and limited modification/availability of resources. The number of affected instances is currently unknown. If successfully exploited, attackers could potentially use the compromised NextChat instance as a proxy to further compromise the internal network.

Recommendation

• Apply input validation and sanitization to the proxyHandler function within app/api/[provider]/[...path]/route.ts to prevent malicious manipulation (Reference: CVE-2026-7177).
• Monitor web server logs for unusual requests targeting the app/api endpoint with potentially malicious parameters (See example Sigma rule below).
• Implement network segmentation to restrict access from the NextChat server to only necessary internal resources (General security best practice related to SSRF).
• Deploy the Sigma rules provided to detect exploitation attempts against NextChat instances.

]]>mediumadvisoryssrfcve-2026-7177web-applicationhttps://feed.craftedsignal.io/briefs/2024-01-03-nextchat-ssrf/Wed, 03 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-03-nextchat-ssrf/ChatGPTNextWeb NextChat versions up to 2.16.1 are vulnerable to server-side request forgery (SSRF) due to improper input validation in the storeUrl function, allowing remote attackers to potentially access internal resources or conduct other malicious activities.A server-side request forgery (SSRF) vulnerability, identified as CVE-2026-7178, affects ChatGPTNextWeb NextChat versions up to 2.16.1. The vulnerability resides in the storeUrl function within the app/api/artifacts/route.ts file, specifically related to the Artifacts Endpoint component. An attacker can manipulate the ID argument to force the server to make requests to arbitrary internal or external resources. This issue was reported to the project maintainers but remains unpatched. The availability of a public exploit increases the risk of active exploitation. This vulnerability allows attackers to bypass network access controls, potentially accessing sensitive data or internal services.

Attack Chain

1. The attacker identifies an instance of ChatGPTNextWeb NextChat running a version up to 2.16.1.
2. The attacker crafts a malicious HTTP request targeting the /api/artifacts endpoint.
3. The request includes a manipulated ID parameter within the request body or query string of the HTTP request to storeUrl function.
4. The storeUrl function, lacking proper input validation, uses the attacker-supplied ID to construct a URL.
5. The NextChat server initiates an HTTP request to the attacker-controlled URL.
6. Depending on the crafted URL, the server may access internal resources, external websites, or cloud services.
7. The server receives the response from the target resource.
8. The attacker leverages the SSRF vulnerability to read sensitive internal data, interact with internal services, or potentially pivot to other internal systems.

Impact

Successful exploitation of CVE-2026-7178 allows an attacker to perform unauthorized actions within the network where the NextChat server is deployed. This may include reading internal files, accessing other internal applications or services, or potentially escalating privileges if the targeted internal service has its own vulnerabilities. Given the publicly available exploit, organizations using vulnerable versions of NextChat are at increased risk.

Recommendation

• Upgrade ChatGPTNextWeb NextChat to a version greater than 2.16.1 to remediate CVE-2026-7178.
• Deploy the Sigma rule “NextChat SSRF Attempt” to detect suspicious requests to the /api/artifacts endpoint with potentially malicious ID parameters.
• Monitor web server logs for outbound connections originating from the NextChat server to unusual or internal IP addresses and domains.
• Implement strict input validation on the ID parameter of the storeUrl function if immediate patching is not possible.

]]>highthreatssrfcvevulnerabilityweb-applicationhttps://feed.craftedsignal.io/briefs/2024-01-nextchat-auth-bypass/Wed, 03 Jan 2024 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-nextchat-auth-bypass/CVE-2026-7644 is an improper authorization vulnerability in the addMcpServer function of ChatGPTNextWeb NextChat version 2.16.1 and earlier, allowing for potential remote exploitation following public disclosure of the exploit.A vulnerability, CVE-2026-7644, affects ChatGPTNextWeb NextChat up to version 2.16.1. The flaw exists within the addMcpServer function located in the app/mcp/actions.ts file. This vulnerability allows for improper authorization, potentially enabling unauthorized actions. The exploit has been publicly disclosed, increasing the risk of exploitation. The vendor was notified, but there has been no response as of the time of this writing. This vulnerability allows for remote exploitation, meaning an attacker does not need local access to the system to exploit it. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized access and potential data breaches.

Attack Chain

1. Attacker identifies a ChatGPTNextWeb NextChat instance running version 2.16.1 or earlier.
2. Attacker sends a crafted request to the addMcpServer function in app/mcp/actions.ts.
3. The application fails to properly authorize the request due to the vulnerability in addMcpServer.
4. The attacker bypasses authorization checks.
5. The attacker successfully adds a malicious MCP server configuration.
6. The application uses the malicious MCP server configuration, potentially leading to further unauthorized actions.
7. Attacker gains unauthorized access to sensitive data or functionality.

Impact

Successful exploitation of CVE-2026-7644 could lead to unauthorized access to a NextChat instance. An attacker could potentially manipulate MCP server configurations, leading to further compromise of the application and associated data. Since the exploit is publicly available, the risk of exploitation is significantly elevated, potentially affecting all unpatched instances of NextChat version 2.16.1 or earlier.

Recommendation

• Upgrade ChatGPTNextWeb NextChat to a version higher than 2.16.1 to patch CVE-2026-7644.
• Monitor web server logs for suspicious requests targeting the addMcpServer function in app/mcp/actions.ts.
• Deploy the Sigma rule to detect unauthorized calls to the addMcpServer function.

]]>mediumadvisoryauthorizationcve-2026-7644web-application