CVE-2026-7177 | ChatGPTNextWeb NextChat up to 2.16.1 route.ts proxyHandler server-side request forgery (Issue 6742)

A vulnerability was found in ChatGPTNextWeb NextChat up to 2.16.1. It has been declared as critical. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[…path]/route.ts. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-7177. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More