CVE-2026-5633

High

Published: 06 April 2026

Published

06 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0006 18.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5633 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as APIs and Models.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates and sanitizes the manipulated source_urls argument to prevent SSRF exploitation in the ws Endpoint.

SC-7 Boundary Protection good match

preventdetect

Monitors and controls communications at boundaries to block server-forged requests to internal or unauthorized destinations.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the identified SSRF flaw in gpt-researcher versions up to 3.4.3.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SSRF vulnerability in public-facing ws Endpoint component allows remote unauthenticated exploitation via crafted source_urls requests, directly enabling T1190 Exploit Public-Facing Application for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to server-side request forgery. It is possible to launch the attack…

remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Deeper analysisAI

CVE-2026-5633 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting assafelovic/gpt-researcher versions up to 3.4.3. The flaw exists in an unknown function of the "ws Endpoint" component, where manipulation of the "source_urls" argument triggers the forgery. Published on 2026-04-06, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

The vulnerability enables remote exploitation without authentication or user interaction. Attackers can send crafted requests to a vulnerable instance, potentially forging server-side requests to internal or external resources, leading to low-level impacts on confidentiality, integrity, and availability.

Advisories from VulDB and the project's GitHub repository (including issue #1696) indicate the issue was reported early to the maintainers, but they have not responded. No patches, workarounds, or official mitigations are detailed in the references.

The exploit has been publicly disclosed and may be utilized in attacks. Given gpt-researcher's focus on AI-driven research, the vulnerability is relevant to deployments involving AI/ML workflows.