CVE-2025-50735

Name of the Vulnerable Software and Affected Versions NextChat versions through 2.16.0

Description A directory traversal issue exists in NextChat due to the WebDAV proxy not properly handling dot path segments within its catch-all route. This allows attackers to potentially access sensitive information through authenticated or anonymous WebDAV endpoints. The issue stems from a failure to canonicalize or reject these path segments.

Recommendations Update NextChat to a version later than 2.16.0.