A vulnerability classified as problematic was found in ChatGPTNextWeb NextChat up to 2.16.1. It affects an unknown function of the file Next.js in the API Endpoint component. Manipulation can lead to a permissive cross-domain policy with untrusted domains.

This vulnerability is identified as CVE-2026-7643. The attack can be launched remotely, and an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.
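
A defender-side check for the weakness class named above (permissive cross-domain policy), as an added example that is not NextChat code and not part of the original advisory: `auditCors` flags permissive `Access-Control-Allow-Origin` responses, and `corsHeadersFor` builds headers from an explicit allowlist. The advisory does not state which headers or values are involved; the function names, origins and sample headers below are constructed assumptions.

```javascript
// Added example, not NextChat code. Origins and header values are constructed.
const ALLOWED_ORIGINS = new Set(["https://chat.example.com"]); // assumed allowlist

// Audit the CORS headers a server returned for a request whose Origin header
// was `probeOrigin`, an origin the deployment has no reason to trust.
function auditCors(headers, probeOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return []; // no cross-origin read access granted
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  const findings = [];
  if (acao === "*") findings.push("wildcard-origin");
  if (acao === "null") findings.push("null-origin-allowed");
  if (acao === probeOrigin) findings.push("untrusted-origin-reflected");
  // Credentialed responses readable by a reflected or null origin are the worst case.
  if (creds && (acao === probeOrigin || acao === "null")) findings.push("credentials-exposed");
  return findings;
}

// Hardened counterpart: echo the Origin only on an exact allowlist match and
// always send Vary: Origin so caches do not reuse a response across origins.
function corsHeadersFor(requestOrigin) {
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin === "string" && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Constructed sample responses, as if captured with Origin: https://untrusted.example
const PROBE = "https://untrusted.example";
const samples = {
  wildcard: { "Access-Control-Allow-Origin": "*" },
  reflected: { "access-control-allow-origin": PROBE, "Access-Control-Allow-Credentials": "true" },
  hardened: corsHeadersFor(PROBE),
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, auditCors(headers, PROBE));
}
```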