CVE-2026-7644 - ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization
CVE ID :CVE-2026-7644 Published : May 2, 2026, 3:16 p.m. | 51 minutes ago Description :A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploita
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Bot her emails: most modern phishing campaigns are AI-enabled
- [CYBER] Canonical under DDoS: what my Railway logs and uptime say about my real exposure
- [CYBER] Canonical bajo DDoS: lo que mis logs de Railway y uptime dicen sobre mi exposición real
- [CYBER] An ansible playbook to mitigate the copy-fail vulnerability
- [CYBER] How do you triage patches without a full vuln management stack?
- [CYBER] Analysing Microsoft audit logs