70 matches found

NVD
added 2026/04/27 10:16 p.m. | 12 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | EPSS 0.00356
Exploits: 1 | References: 6
ATTACKERKB
added 2026/04/27 10:0 p.m. | 3 views

CVE-2026-7178

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5 | AI score 5.1 | EPSS 0.00344
Exploits: 1 | References: 6 | Affected Software: 1
EUVD
added 2026/04/27 10:0 p.m. | 5 views

EUVD-2026-25931

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.00344
Exploits: 1 | References: 6
ATTACKERKB
added 2026/04/27 9:45 p.m. | 4 views

CVE-2026-7177

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | AI score 5 | EPSS 0.00356
Exploits: 1 | References: 6 | Affected Software: 1
Vulnrichment
added 2026/04/27 9:45 p.m. | 4 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | AI score 6.9 | EPSS 0.00356
Exploits: 1 | References: 6
Cvelist
added 2026/04/27 9:45 p.m. | 30 views

CVE-2026-7177 ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | EPSS 0.00356
Exploits: 1 | References: 6
EUVD
added 2026/04/27 9:45 p.m. | 8 views

EUVD-2026-25928

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | AI score 7 | EPSS 0.00356
Exploits: 1 | References: 6
CVE
added 2026/04/27 9:45 p.m. | 14 views

CVE-2026-7177

Affected product: ChatGPTNextWeb NextChat up to 2.16.1. Vulnerable component: function proxyHandler in app/api/[provider]/[...path]/route.ts. Root cause: manipulation leads to server-side request forgery (SSRF). Impact: potential remote exploitation with low to moderate impact on confidentiality/...

CVSS 7.5 | AI score 7 | EPSS 0.00356
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 11 views

PT-2026-35534

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...

CVSS 7.5 | AI score 7 | EPSS 0.00356
Exploits: 1 | References: 7
CNNVD
added 2026/04/27 12:0 a.m. | 9 views

NextChat Code Issue Vulnerability

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the parameter ID in the function storeUrl in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00344
Exploits: 1 | References: 1
CNNVD
added 2026/04/27 12:0 a.m. | 9 views

NextChat Code Issue Vulnerability

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the proxyHandler function in the file...

CVSS 7.5 | AI score 7.2 | EPSS 0.00356
Exploits: 1 | References: 1
RedhatCVE
added 2025/11/04 12:54 a.m. | 7 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

CVSS 7.5 | AI score 6.7 | EPSS 0.00763
Exploits: 1 | References: 1
EUVD
added 2025/11/03 9:34 p.m. | 3 views

EUVD-2025-37512

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

CVSS 7.5 | AI score 6.2 | EPSS 0.00763
Exploits: 1 | References: 4
NVD
added 2025/11/03 8:19 p.m. | 5 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

CVSS 7.5 | EPSS 0.00763
Exploits: 1 | References: 3
OSV
added 2025/11/03 8:19 p.m. | 4 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

CVSS 7.5 | AI score 6.7 | EPSS 0.00763
Exploits: 1 | References: 3
CNNVD
added 2025/11/03 12:0 a.m. | 5 views

NextChat Security Vulnerability

NextChat is a NextChat open source project for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat 2.16.0 and earlier versions, which stems from a WebDAV proxy failing to normalize or reject dot path segments in its wildcard routes, which could lead...

CVSS 7.5 | AI score 6.2 | EPSS 0.00763
Exploits: 1 | References: 4
Cvelist
added 2025/11/03 12:0 a.m. | 8 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

EPSS 0.00763
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/03 12:0 a.m. | 4 views

PT-2025-44793

Name of the Vulnerable Software and Affected Versions: NextChat versions through 2.16.0. Description: A directory traversal issue exists in NextChat due to the WebDAV proxy not properly handling dot path segments within its catch-all route. This allows attackers to potentially access sensitive...

CVSS 7.5 | AI score 6.3 | EPSS 0.00763
Exploits: 1 | References: 5
Vulnrichment
added 2025/11/03 12:0 a.m. | 3 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

AI score 6.3 | EPSS 0.00763
Exploits: 1 | References: 3
CVE
added 2025/11/03 12:0 a.m. | 16 views

CVE-2025-50735

NextChat (versions up to 2.16.0) is affected by a directory traversal vulnerability in the WebDAV proxy, which fails to canonicalize or reject dot path segments in its catch-all route, potentially allowing an attacker to disclose sensitive information via authenticated or anonymous WebDAV endpoin...

CVSS 7.5 | AI score 6.3 | EPSS 0.00763
Exploits: 1 | References: 3 | Affected Software: 1