CVE-2026-7644
Published: 02 May 2026
Summary
CVE-2026-7644 is a medium-severity Incorrect Privilege Assignment (CWE-266) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-7644 is an improper authorization vulnerability (CWE-266, CWE-285) in ChatGPTNextWeb's NextChat application, affecting versions up to 2.16.1. The flaw is located in the addMcpServer function within the file app/mcp/actions.ts, where manipulation enables unauthorized actions.
Remote attackers require no privileges (PR:N) and can exploit the issue over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N), as reflected in its CVSS v3.1 base score of 7.3 (S:U/C:L/I:L/A:L). Successful exploitation grants low impacts on confidentiality, integrity, and availability.
Advisories from VulDB note that the project was informed early via GitHub issue #6757 but has not responded, with no patches or mitigations detailed. The exploit has been publicly disclosed and may be actively used, per the CVE description.
ChatGPTNextWeb NextChat is an open-source interface related to ChatGPT deployments, highlighting relevance to AI/ML web applications in practitioner environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26798
Vulnerability details
A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the…
more
public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper authorization vulnerability in public-facing NextChat web app enables remote unauthorized actions with no privileges or interaction required, directly mapping to exploitation of public-facing applications.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations for access to system resources, directly countering the improper authorization flaw in the addMcpServer function.
Requires identification, reporting, and correction of the specific vulnerability in app/mcp/actions.ts, eliminating the improper authorization issue.
Applies least privilege to restrict unauthorized actions even if initial authorization checks fail in the vulnerable function.