CVE-2026-5633

assafelovic gpt-researcher ws Endpoint server-side request forgery

CVSS 6.9 MEDIUMEPSS 0.3%CWE-918

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

assafelovic · gpt-researcher

PoCs públicas encontradas — 1

cve_referencegithub.com/assafelovic/gpt-researcher/issues/1696no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/assafelovic/gpt-researcher/https://github.com/assafelovic/gpt-researcher/issues/1696 https://vuldb.com/submit/785876 https://vuldb.com/vuln/355421 https://vuldb.com/vuln/355421/cti