PT-2026-30572 · Unknown · Assafelovic Gpt-Researcher

Yu-Bao

Published

2026-04-06

Updated

2026-04-06

CVE-2026-5633

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions assafelovic gpt-researcher versions up to 3.4.3

Description A server-side request forgery condition exists in the ws Endpoint component due to manipulation of the source urls argument. This allows for remote attacks. The issue was reported to the project but has not been addressed. The exploit has been publicly disclosed.

Recommendations Update to a version beyond 3.4.3.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-5633

Affected Products

Assafelovic Gpt-Researcher

PT-2026-30572 · Unknown · Assafelovic Gpt-Researcher

CVE-2026-5633

Weakness Enumeration

Related Identifiers

Affected Products

References · 9