CVE-2026-7178 | ChatGPTNextWeb NextChat up to 2.16.1 Artifacts Endpoint route.ts storeUrl ID server-side request forgery (Issue 6741)

A vulnerability was found in ChatGPTNextWeb NextChat up to 2.16.1. It has been rated as critical. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery.

The identification of this vulnerability is CVE-2026-7178. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More