CVE-2026-7643
Deferred - Pending Action
Permissive Cross-Domain Policy in NextChat API Endpoint

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: VulDB

Description
A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-05-02
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: chatgptnextweb
Product: nextchat
Version / Range: up to 2.16.1 (inclusive)
CWE
CWE-346: The product does not properly verify that the source of data or communication is valid.
CWE-942: The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-7643 is a high-severity vulnerability in ChatGPTNextWeb NextChat up to version 2.16.1 caused by a permissive Cross-Origin Resource Sharing (CORS) policy on all API endpoints.

The issue arises from misconfigured CORS headers in the Next.js application, specifically setting Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers to wildcard values (*). This allows any website to make cross-origin requests with custom headers.

An attacker can exploit this by tricking a victim's browser into making arbitrary HTTP requests through the NextChat server, which then attaches its own API keys (such as OpenAI, Anthropic, Azure) to these requests. This is done via a proxy endpoint that falls back to an open proxy handler when an unrecognized provider is used.

The attacker sets a custom header (x-base-url) to a URL like api.openai.com, causing the server to include its API key in the request. Because of the permissive CORS policy, the attacker can read the response from any origin, enabling exfiltration of sensitive keys.

This vulnerability also allows internal network reconnaissance, configuration disclosure, and unauthorized API operations. The attack requires no privileges and only user interaction (visiting a malicious page).


How can this vulnerability impact me?

This vulnerability can have several serious impacts:

  • Exposure of sensitive API keys (e.g., OpenAI, Anthropic, Azure) to attackers, which can be used to abuse or manipulate AI services.
  • Attackers can perform cross-origin Server-Side Request Forgery (SSRF) attacks, potentially accessing internal network resources or sensitive configurations.
  • Unauthorized API operations can be executed, leading to misuse or disruption of services.
  • The attack requires only that a victim visits a malicious webpage, making it easy to exploit remotely without needing special privileges.
  • The vulnerability can be stealthy and fast due to caching of preflight approvals for 24 hours.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the CORS headers on the NextChat API endpoints to see if they are overly permissive. Specifically, look for the presence of wildcard values such as "Access-Control-Allow-Origin: *", "Access-Control-Allow-Methods: *", and "Access-Control-Allow-Headers: *" in the HTTP responses from the server.

You can use command-line tools like curl to inspect these headers. For example, run the following command against the API endpoint:

  • curl -I https://your-nextchat-domain/api/provider/path

Look for the CORS headers in the response. If they contain wildcards as described, the system is vulnerable.

Additionally, monitoring for unusual cross-origin requests or unexpected usage of the x-base-url or Authorization headers in requests to the API proxy endpoint may indicate exploitation attempts.
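The header check described above can be scripted so it runs the same way on every deployment. The following is an added example, not code from the NextChat project or from this advisory: a small Node.js auditor that classifies a response's CORS headers the way the curl check does and, going beyond the wildcard case the advisory names, also flags a server that echoes back an arbitrary Origin, which exposes API responses to any site just as a "*" does. The two sample header sets are constructed for the example, and the host in the comments is a placeholder.

```javascript
// Added example for auditing a NextChat deployment's CORS headers; it is not
// code from the NextChat project. auditCorsHeaders() is pure and runs offline
// on the constructed samples below; fetchAndAudit() wraps it for a live check
// of a deployment you operate (Node 18+ for the global fetch).

const CORS_KEYS = [
  'access-control-allow-origin',
  'access-control-allow-methods',
  'access-control-allow-headers',
];

// Accept either a fetch() Headers instance or a plain object and return a
// lowercase-keyed plain object, so the audit does not care about the source.
function normaliseHeaders(source) {
  const out = {};
  const entries =
    typeof source.entries === 'function' ? source.entries() : Object.entries(source);
  for (const [key, value] of entries) out[key.toLowerCase()] = String(value);
  return out;
}

// Audit one response's CORS headers. `probeOrigin` is the Origin the request
// carried, if known; a server that echoes it back is as exposed as one that
// answers "*". Returns { permissive, findings }.
function auditCorsHeaders(source, probeOrigin) {
  const h = normaliseHeaders(source);
  const findings = [];
  const wildcards = CORS_KEYS.filter((k) => (h[k] ?? '').trim() === '*');
  for (const k of wildcards) findings.push(`${k} is the wildcard "*"`);

  const allowOrigin = h['access-control-allow-origin'];
  const reflected = Boolean(probeOrigin) && allowOrigin === probeOrigin;
  if (reflected) {
    findings.push(`access-control-allow-origin reflects the untrusted origin ${probeOrigin}`);
  }

  // Other sites can read API responses only if the origin header itself is open.
  const permissive = allowOrigin === '*' || reflected;

  // A long max-age lets the browser reuse a permissive preflight decision
  // without asking again; the advisory notes a 24-hour cache on NextChat.
  const maxAge = Number(h['access-control-max-age']);
  if (permissive && Number.isFinite(maxAge) && maxAge >= 86400) {
    findings.push(`access-control-max-age is ${maxAge}s, so the open preflight decision is cached that long`);
  }
  return { permissive, findings };
}

// Live check: send the preflight a browser on an unrelated page would send.
// `url` is assumed to be one of the deployment's API paths, e.g.
// https://your-nextchat-domain/api/provider/path (placeholder host).
async function fetchAndAudit(url, probeOrigin = 'https://cors-audit.invalid') {
  const res = await fetch(url, {
    method: 'OPTIONS',
    redirect: 'manual',
    headers: {
      Origin: probeOrigin,
      'Access-Control-Request-Method': 'POST',
      'Access-Control-Request-Headers': 'authorization, x-base-url',
    },
  });
  return auditCorsHeaders(res.headers, probeOrigin);
}

// Constructed samples (not captured from a real server): the wildcard set the
// advisory describes, and what a corrected deployment should send instead.
const SAMPLE_VULNERABLE = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': '*',
  'Access-Control-Allow-Headers': '*',
  'Access-Control-Max-Age': '86400',
  'Content-Type': 'application/json',
};
const SAMPLE_HARDENED = {
  'Access-Control-Allow-Origin': 'https://chat.example.org',
  'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  Vary: 'Origin',
};

console.log('vulnerable sample:', auditCorsHeaders(SAMPLE_VULNERABLE));
console.log('hardened sample:', auditCorsHeaders(SAMPLE_HARDENED));
```

Note the difference from the curl -I command: -I issues a HEAD request, whereas the decision a browser relies on is the OPTIONS preflight carrying an Origin header, which is what fetchAndAudit sends; call it as `await fetchAndAudit('https://your-nextchat-domain/api/provider/path')` against a deployment you operate. A static Next.js header rule returns the same value to every request, so both checks agree on this configuration, but an application that sets the headers dynamically can answer a HEAD and an OPTIONS request differently.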


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, you should restrict the CORS policy on the NextChat API endpoints by removing the wildcard settings and specifying only trusted origins in the Access-Control-Allow-Origin header.

Specifically, update the next.config.mjs configuration to avoid using "*" for Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers.

Additionally, disable or properly secure the open proxy handler in the API endpoint (/api/[provider]/[...path]/route.ts) to prevent abuse by unrecognized providers.

Until an official patch or response is available, consider restricting access to the API endpoints via network controls or web application firewalls to limit exposure.
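The configuration change above, shown concretely. This is an added example of the `headers` option in next.config.mjs and not the NextChat project's own file: it places the wildcard block the advisory describes beside a hardened version and adds a small build-time guard that rejects any wildcard before deployment. TRUSTED_ORIGIN is an assumed placeholder for the origin your own front end is served from.

```javascript
// Added example of the next.config.mjs `headers` option, showing the wildcard
// CORS block the advisory describes beside a hardened version. It is not the
// NextChat project's own configuration; TRUSTED_ORIGIN is an assumed
// placeholder for the origin your own front end is served from.

const TRUSTED_ORIGIN = 'https://chat.example.org';

// Before: any origin may send any method with any header, and browsers cache
// that answer. Kept here only as the "before" side of the comparison.
const weakCorsHeaders = [
  { key: 'Access-Control-Allow-Origin', value: '*' },
  { key: 'Access-Control-Allow-Methods', value: '*' },
  { key: 'Access-Control-Allow-Headers', value: '*' },
];

// After: one fixed origin, explicit method and header lists, a short preflight
// cache, and Vary: Origin so a shared cache never hands this response to a
// request that came from a different origin.
const hardenedCorsHeaders = [
  { key: 'Access-Control-Allow-Origin', value: TRUSTED_ORIGIN },
  { key: 'Access-Control-Allow-Methods', value: 'GET, POST, OPTIONS' },
  { key: 'Access-Control-Allow-Headers', value: 'Content-Type, Authorization' },
  { key: 'Access-Control-Max-Age', value: '600' },
  { key: 'Vary', value: 'Origin' },
];

// The rule list Next.js expects from `headers()`: every path under /api/
// receives the chosen CORS set.
function buildApiHeaderRules(corsHeaders = hardenedCorsHeaders) {
  return [{ source: '/api/:path*', headers: corsHeaders }];
}

// This object is what next.config.mjs exports (`export default nextConfig`).
const nextConfig = {
  async headers() {
    return buildApiHeaderRules();
  },
};

// Build-time guard: list every Access-Control-Allow-* header whose value is a
// bare wildcard, so CI can fail before a permissive config is deployed.
function findWildcardCors(rules) {
  const hits = [];
  for (const rule of rules) {
    for (const { key, value } of rule.headers) {
      if (/^access-control-allow-/i.test(key) && value.trim() === '*') {
        hits.push(`${rule.source}: ${key}=*`);
      }
    }
  }
  return hits;
}

console.log('weak config wildcards:', findWildcardCors(buildApiHeaderRules(weakCorsHeaders)));
console.log('hardened config wildcards:', findWildcardCors(buildApiHeaderRules()));
```

A static header rule can name only one origin. If several front-end origins must be allowed, the comparison has to happen per request, for example in middleware that checks the incoming Origin against a fixed allowlist and echoes only a matched value, still with Vary: Origin; never echo the Origin unconditionally, which is equivalent to "*". This change closes the cross-origin read but does not by itself close the open proxy handler in /api/[provider]/[...path]/route.ts; that route should additionally reject provider names outside a fixed list, as the mitigation above describes.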


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in ChatGPTNextWeb NextChat involves a permissive CORS policy that allows any origin to make cross-origin requests to API endpoints, potentially exposing sensitive API keys and enabling unauthorized API operations.

Such exposure and unauthorized access could lead to data breaches or unauthorized data processing, which may conflict with compliance requirements under standards like GDPR or HIPAA that mandate strict controls over personal and sensitive data access and transmission.

However, the provided information does not explicitly discuss the impact of this vulnerability on compliance with these or other common standards and regulations.

