ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization_CVE-2026-7644

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7644

Source VulDB

Published May 2, 2026 at 15:00

Affected Product

Vendor ChatGPTNextWeb

Product NextChat

Version 2.16.0

Affected Versions ChatGPTNextWeb NextChat 2.16.0
ChatGPTNextWeb NextChat 2.16.1

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-02T15:00:13.502Z",
    "modified": "2026-05-02T15:00:13.502Z",
    "type": "cve",
    "title": "ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360756\nhttps://vuldb.com/vuln/360756/cti\nhttps://vuldb.com/submit/806851\nhttps://github.com/ChatGPTNextWeb/NextChat/issues/6757\nhttps://github.com/ChatGPTNextWeb/NextChat/",
    "id": "CVE-2026-7644",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "ChatGPTNextWeb NextChat 2.16.0\nChatGPTNextWeb NextChat 2.16.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NextChat",
    "version": "2.16.0",
    "vendor": "ChatGPTNextWeb",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}