top of page
perceptive_background_267k.jpg

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation l…

Published:

1 May 2026 at 22:00:00

Alert date:

2 May 2026 at 16:00:44

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A vulnerability has been discovered in ChatGPTNextWeb NextChat versions up to 2.16.1. The issue affects the addMcpServer function in app/mcp/actions.ts file, leading to improper authorization. The vulnerability allows for remote exploitation and the exploit has been publicly disclosed. The project maintainers were notified through an issue report but have not responded yet. This creates a significant security risk as the exploit is now available for malicious use.

Technical details

Mitigation steps:

Affected products:

ChatGPTNextWeb NextChat

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-7644
https://github.com/ChatGPTNextWeb/NextChat/
https://github.com/ChatGPTNextWeb/NextChat/issues/6757
https://vuldb.com/submit/806851
https://vuldb.com/vuln/360756
https://vuldb.com/vuln/360756/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page