{"data":{"id":"a1361030-9b37-43cd-a5ab-6743aabc8eba","title":"CVE-2026-7643: A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of t","summary":"ChatGPTNextWeb NextChat versions up to 2.16.1 contain a flaw in its Next.js API endpoint that allows attackers to manipulate a function and create a permissive cross-domain policy with untrusted domains (meaning the system accepts requests from any website, not just trusted ones). The attack can be launched remotely, an exploit has been published, but the project developers have not yet responded to the early notification.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7643","publishedAt":"2026-05-02T15:16:14.203Z","cveId":"CVE-2026-7643","cweIds":["CWE-346","CWE-942"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ChatGPTNextWeb","NextChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-02T15:16:14.203Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}