All 5 CVE vulnerabilities found in NextChat, with AI-generated Chinese analysis, references, and POCs.
Vendor: ChatGPTNextWeb
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7644 | ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization CWE-285 | 7.3 | High | 2026-05-02 |
| CVE-2026-7643 | ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy CWE-942 | 4.3 | Medium | 2026-05-02 |
| CVE-2026-7178 | ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery CWE-918 | 7.3 | High | 2026-04-27 |
| CVE-2026-7177 | ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery CWE-918 | 7.3 | High | 2026-04-27 |
| CVE-2023-49785 | NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting CWE-918 | 9.1 | Critical | 2024-03-11 |
All 5 known CVE vulnerabilities affecting NextChat with full Chinese analysis, references, and POCs where available.