CVE-2026-7643 | ChatGPTNextWeb NextChat up to 2.16.1 API Endpoint Next.js cross-domain policy (Issue 6756)

A vulnerability, which was classified as problematic, was found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains.

The identification of this vulnerability is CVE-2026-7643. The attack may be launched remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More