CVE-2026-7643
Deferred Deferred - Pending Action
Permissive Cross-Domain Policy in NextChat API Endpoint

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: VulDB

Description
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7643
EUVD
EUVD-2026-26797
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chatgptnextweb nextchat to 2.16.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
CWE-942 The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7643 is a high-severity vulnerability in ChatGPTNextWeb NextChat up to version 2.16.1 caused by a permissive Cross-Origin Resource Sharing (CORS) policy on all API endpoints.

The issue arises from misconfigured CORS headers in the Next.js application, specifically setting Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers to wildcard values (*). This allows any website to make cross-origin requests with custom headers.

An attacker can exploit this by tricking a victim's browser into making arbitrary HTTP requests through the NextChat server, which then attaches its own API keys (such as OpenAI, Anthropic, Azure) to these requests. This is done via a proxy endpoint that falls back to an open proxy handler when an unrecognized provider is used.

The attacker sets a custom header (x-base-url) to a URL like api.openai.com, causing the server to include its API key in the request. Because of the permissive CORS policy, the attacker can read the response from any origin, enabling exfiltration of sensitive keys.

This vulnerability also allows internal network reconnaissance, configuration disclosure, and unauthorized API operations. The attack requires no privileges and only user interaction (visiting a malicious page).

Impact Analysis

This vulnerability can have several serious impacts:

  • Exposure of sensitive API keys (e.g., OpenAI, Anthropic, Azure) to attackers, which can be used to abuse or manipulate AI services.
  • Attackers can perform cross-origin Server-Side Request Forgery (SSRF) attacks, potentially accessing internal network resources or sensitive configurations.
  • Unauthorized API operations can be executed, leading to misuse or disruption of services.
  • The attack requires only that a victim visits a malicious webpage, making it easy to exploit remotely without needing special privileges.
  • The vulnerability can be stealthy and fast due to caching of preflight approvals for 24 hours.
Detection Guidance

This vulnerability can be detected by checking the CORS headers on the NextChat API endpoints to see if they are overly permissive. Specifically, look for the presence of wildcard values such as "Access-Control-Allow-Origin: *", "Access-Control-Allow-Methods: *", and "Access-Control-Allow-Headers: *" in the HTTP responses from the server.

You can use command-line tools like curl to inspect these headers. For example, run the following command against the API endpoint:

  • curl -I https://your-nextchat-domain/api/provider/path

Look for the CORS headers in the response. If they contain wildcards as described, the system is vulnerable.

Additionally, monitoring for unusual cross-origin requests or unexpected usage of the x-base-url or Authorization headers in requests to the API proxy endpoint may indicate exploitation attempts.

Mitigation Strategies

To mitigate this vulnerability immediately, you should restrict the CORS policy on the NextChat API endpoints by removing the wildcard settings and specifying only trusted origins in the Access-Control-Allow-Origin header.

Specifically, update the next.config.mjs configuration to avoid using "*" for Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers.

Additionally, disable or properly secure the open proxy handler in the API endpoint (/api/[provider]/[...path]/route.ts) to prevent abuse by unrecognized providers.

Until an official patch or response is available, consider restricting access to the API endpoints via network controls or web application firewalls to limit exposure.

Compliance Impact

The vulnerability in ChatGPTNextWeb NextChat involves a permissive CORS policy that allows any origin to make cross-origin requests to API endpoints, potentially exposing sensitive API keys and enabling unauthorized API operations.

Such exposure and unauthorized access could lead to data breaches or unauthorized data processing, which may conflict with compliance requirements under standards like GDPR or HIPAA that mandate strict controls over personal and sensitive data access and transmission.

However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with these or other common standards and regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7643. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart