Description
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-02
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the addMcpServer function of the NextChat codebase. It allows an attacker to bypass normal authorization checks and add a merge‑control‑proxy server without permission. This gives the attacker elevated privileges, enabling the creation of new server endpoints, potentially leading to further exploitation or compromise of the web application and any integrated services.

Affected Systems

The vulnerability exists in ChatGPTNextWeb’s NextChat application up through version 2.16.1. All installations using those or earlier releases are susceptible; anything beyond 2.16.1 is unaffected if the fix has been included.

Risk and Exploitability

With a CVSS score of 6.9, the risk is considered medium. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers would likely exploit it remotely via a crafted HTTP request to the addMcpServer endpoint; no local privilege or physical access is required. Once authorized, the attacker could add arbitrary servers, providing a foothold for further damage.

Generated by OpenCVE AI on May 2, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NextChat to the newest release that includes a fix for the addMcpServer authorization check, at least 2.17.0 or later.
  • If an immediate upgrade is not possible, add an explicit server‑side role check to the addMcpServer endpoint so that only users with administrative privileges can invoke it.
  • Apply network controls or firewall rules to restrict external access to the addMcpServer endpoint, and enable logging to monitor any unauthorized attempts.

Generated by OpenCVE AI on May 2, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Chatgptnextweb
Chatgptnextweb nextchat
Vendors & Products Chatgptnextweb
Chatgptnextweb nextchat

Sat, 02 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization
Weaknesses CWE-266
CWE-285
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Chatgptnextweb Nextchat
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T15:00:13.502Z

Reserved: 2026-05-01T16:34:02.930Z

Link: CVE-2026-7644

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-02T15:16:14.373

Modified: 2026-05-02T15:16:14.373

Link: CVE-2026-7644

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T16:30:46Z

Weaknesses