top of page
perceptive_background_267k.jpg

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation l…

Published:

1 mei 2026 om 22:00:00

Alert date:

2 mei 2026 om 16:00:44

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A vulnerability has been discovered in ChatGPTNextWeb NextChat versions up to 2.16.1. The issue affects the addMcpServer function in app/mcp/actions.ts file, leading to improper authorization. The vulnerability allows for remote exploitation and the exploit has been publicly disclosed. The project maintainers were notified through an issue report but have not responded yet. This creates a significant security risk as the exploit is now available for malicious use.

Technical details

Mitigation steps:

Affected products:

ChatGPTNextWeb NextChat

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-7644
https://github.com/ChatGPTNextWeb/NextChat/
https://github.com/ChatGPTNextWeb/NextChat/issues/6757
https://vuldb.com/submit/806851
https://vuldb.com/vuln/360756
https://vuldb.com/vuln/360756/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page