Submit #806833: ChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policyinfo

TitleChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policy
DescriptionNextChat configures its Next.js application to attach maximally permissive CORS response headers to every API endpoint under the /api/* path prefix. The configuration in next.config.mjs (lines 38-63) sets.This configuration allows any website on the internet to make cross-origin requests to all NextChat API endpoints. Because Access-Control-Allow-Headers: * permits custom headers, attacker-controlled JavaScript can set the x-base-url header, which the proxy endpoint (/api/[provider]/[...path]/route.ts) uses to determine the server-side fetch destination. This directly enables cross-origin SSRF attacks.
Source⚠️ https://github.com/ChatGPTNextWeb/NextChat/issues/6756
User
 Yu_Bao (UID 89348)
Submission04/17/2026 07:19 (3 months ago)
Moderation05/01/2026 18:34 (14 days later)
StatusAccepted
VulDB entry360755 [ChatGPTNextWeb NextChat up to 2.16.1 API Endpoint Next.js cross-domain policy]
Points20

Do you know our Splunk app?

Download it now for free!