Soumettre #806833: ChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policyinformation

TitreChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policy
DescriptionNextChat configures its Next.js application to attach maximally permissive CORS response headers to every API endpoint under the /api/* path prefix. The configuration in next.config.mjs (lines 38-63) sets.This configuration allows any website on the internet to make cross-origin requests to all NextChat API endpoints. Because Access-Control-Allow-Headers: * permits custom headers, attacker-controlled JavaScript can set the x-base-url header, which the proxy endpoint (/api/[provider]/[...path]/route.ts) uses to determine the server-side fetch destination. This directly enables cross-origin SSRF attacks.
La source⚠️ https://github.com/ChatGPTNextWeb/NextChat/issues/6756
Utilisateur
 Yu_Bao (UID 89348)
Soumission17/04/2026 07:19 (il y a 2 mois)
Modérer01/05/2026 18:34 (14 days later)
StatutAccepté
Entrée VulDB360755 [ChatGPTNextWeb NextChat jusqu’à 2.16.1 API Endpoint Next.js élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!