CVE-2026-7223
Published: 28 April 2026
Summary
CVE-2026-7223 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the baseurl argument in the AI Proxy Middleware fetch function to prevent SSRF by rejecting malicious URLs.
Enforces information flow control policies to restrict the proxy middleware from initiating requests to unauthorized internal or external destinations.
Monitors and controls outbound communications at system boundaries to block or detect SSRF attempts from the vulnerable fetch function.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vulnerability in public-facing AI Proxy Middleware component allows remote unauthenticated exploitation of the server application via malicious baseurl manipulation to initiate arbitrary requests.
NVD Description
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request forgery. The…
more
attack can be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7223 is a server-side request forgery (SSRF) vulnerability, classified as CWE-918, affecting BigSweetPotatoStudio HyperChat versions up to 2.0.0-alpha.63. The flaw exists in the fetch function of the file packages/core/src/http/aiProxyMiddleware.mts within the AI Proxy Middleware component, where manipulation of the baseurl argument enables the issue. Published on 2026-04-28, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.
The vulnerability can be exploited remotely by unauthenticated attackers with no user interaction required. By supplying a malicious baseurl argument, attackers can trick the server into initiating arbitrary requests, potentially compromising low levels of confidentiality, integrity, and availability as scored by CVSS.
Advisories note that the project was informed early via GitHub issue #142 (https://github.com/BigSweetPotatoStudio/HyperChat/issues/142) but has not responded. No patches or mitigations are available yet; practitioners should review the repository (https://github.com/BigSweetPotatoStudio/HyperChat/) and VulDB entries (https://vuldb.com/vuln/359823) for updates.
The exploit is publicly available and might be used. The involvement of the AI Proxy Middleware component suggests relevance to AI-integrated chat applications.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai