Browse all 6 CVE security advisories affecting ChatGPTNextWeb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ChatGPTNextWeb serves as a web-based interface for OpenAI's ChatGPT, enabling users to interact with the AI model through a browser. Historically, it has been susceptible to multiple security vulnerabilities, including cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation and insecure API integrations. The application has faced six documented CVEs, highlighting risks like privilege escalation and data exposure. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities suggests ongoing challenges in secure development practices, emphasizing the need for rigorous input sanitization and regular security assessments to mitigate potential threats.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7644 | ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization — NextChat, CWE-285 | 7.3 | High | 2026-05-02 |
| CVE-2026-7643 | ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policy — NextChat, CWE-942 | 4.3 | Medium | 2026-05-02 |
| CVE-2026-7178 | ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery — NextChat, CWE-918 | 7.3 | High | 2026-04-27 |
| CVE-2026-7177 | ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery — NextChat, CWE-918 | 7.3 | High | 2026-04-27 |
| CVE-2023-49785 | NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting — NextChat, CWE-918 | 9.1 | Critical | 2024-03-11 |
This page lists every published CVE security advisory associated with ChatGPTNextWeb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.