A server-side request forgery (SSRF) vulnerability has been identified in ChatGPTNextWeb NextChat up to version 2.16.1. The vulnerability affects the storeUrl function in the app/api/artifacts/route.ts file of the Artifacts Endpoint component. The issue can be exploited remotely by manipulating the argument ID parameter. A public exploit is available, increasing the risk of active exploitation. The project maintainers have been notified through an issue report but have not yet responded to the vulnerability disclosure.