Skip to main content

Hyperchat

1 CVEs product

Monthly

CVE-2026-7223 npm MEDIUM POC This Month

Server-side request forgery (SSRF) in BigSweetPotatoStudio HyperChat up to version 2.0.0-alpha.63 allows remote unauthenticated attackers to manipulate the baseurl argument in the AI Proxy Middleware component, enabling arbitrary HTTP requests from the affected server. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting confidentiality, integrity, and availability impact at the network level with low complexity. The vendor has not responded to early disclosure notification through the project's GitHub issue tracker.

SSRF Hyperchat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Server-side request forgery (SSRF) in BigSweetPotatoStudio HyperChat up to version 2.0.0-alpha.63 allows remote unauthenticated attackers to manipulate the baseurl argument in the AI Proxy Middleware component, enabling arbitrary HTTP requests from the affected server. The vulnerability has a publicly available exploit and CVSS 6.9 score reflecting confidentiality, integrity, and availability impact at the network level with low complexity. The vendor has not responded to early disclosure notification through the project's GitHub issue tracker.

SSRF Hyperchat
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy