Primary

Context

NextChat Directory Traversal Vulnerability in WebDAV Proxy

Vulnerability

A directory traversal vulnerability has been identified in NextChat versions through 2.16.0. This issue arises from the WebDAV proxy's failure to properly canonicalize or reject dot path segments in its catch-all route. As a result, attackers can exploit this vulnerability to access sensitive information through authenticated or anonymous WebDAV endpoints.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive information via the WebDAV interface.

Reproduction

The vulnerability can be reproduced by sending a WebDAV request that includes dot path segments, such as '../', to the WebDAV proxy endpoint. This can be done either authenticated or anonymously, depending on the WebDAV endpoint's configuration. The proxy will not properly handle the traversal, potentially leading to exposure of sensitive files or data.

Added: Nov 3, 2025, 8:22 PM

Updated: Nov 3, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.9

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NextChat Directory Traversal Vulnerability in WebDAV Proxy

Vulnerability

Impact

Reproduction

Affected Products

ChatGPTNextWeb NextChat

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating