CVE-2026-7644 | ChatGPTNextWeb NextChat up to 2.16.1 app/mcp/actions.ts addMcpServer improper authorization (Issue 6757)

Inserito da Angelo Barbosa | Mag 1, 2026 | CVE

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1 and classified as critical. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization.

This vulnerability is referenced as CVE-2026-7644. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7644 | ChatGPTNextWeb NextChat up to 2.16.1 app/mcp/actions.ts addMcpServer improper authorization (Issue 6757)

Post correlati

CVE-2026-30932 | Froxlor up to 2.3.4 API Endpoint DomainZones.add injection (GHSA-x6w6-2xwp-3jh6)

CVE-2025-4892 | code-projects Police Station Management System 1.0 Delete Record source.cpp criminal::remove No stack-based overflow

CVE-2025-62511 | zheny-creator YtGrabber-TUI up to 1.0.0 on Linux Setting config.json load_json_settings toctou (GHSA-hwwf-fq6p-rw9q)

CVE-2025-62346 | HCL Glovius Cloud up to S05.25 cross-site request forgery (KB0126459)