Ghostwire

CVE-2026-7644: A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the...

HIGH CVSS 7.3 Exploit Available 1 PoC

Published: May 2, 2026 | Last Modified: May 2, 2026

Description

A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

ChatGPTNextWeb/NextChat

CVE-2026-7644: A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the...

Description

Ghostwire Analysis — What This Means Practically

Proof-of-Concept Exploits (1)

Security Coverage (1 articles)

References