ChatGPTNextWeb NextChat vulnerabilities
5 known vulnerabilities affecting chatgptnextweb/nextchat.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2023-49785 | P1 | CRITICAL | CVSS 9.8 | CWE-79 | Exploited | PoC | ≤ 2.11.2 | 2024-03-12
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also
nvd
CVE-2026-7178 | P3 | HIGH | CVSS 7.3 | CWE-918 | v2.16.0, v2.16.1 | 2026-04-27
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public a
nvd
CVE-2026-7177 | P3 | HIGH | CVSS 7.3 | CWE-918 | v2.16.0, v2.16.1 | 2026-04-27
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The p
nvd
CVE-2026-7644 | P3 | HIGH | CVSS 7.3 | CWE-266 | v2.16.0, v2.16.1 | 2026-05-02
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through
nvd
CVE-2026-7643 | P4 | MEDIUM | CVSS 4.3 | CWE-346 | v2.16.0, v2.16.1 | 2026-05-02
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of t
nvd