Submission #806851: ChatGPTNextWeb NextChat 2.16.1 Unauthenticated Remote Code Execution

Information

Title: ChatGPTNextWeb NextChat 2.16.1 Unauthenticated Remote Code Execution
Description: A critical unauthenticated Remote Code Execution (RCE) vulnerability exists in NextChat (ChatGPT-Next-Web) version 2.16.1. The addMcpServer function in app/mcp/actions.ts is exposed as a Next.js Server Action without any authentication, authorization, or feature-flag gate. An unauthenticated remote attacker can send a single HTTP POST request to the application root with an attacker-controlled command and args payload, causing the server to spawn an arbitrary child process. This grants the attacker full operating system command execution as the server process user, enabling complete server compromise, exfiltration of all API keys and secrets, file system access, and lateral network movement. The Server Action identifier is embedded in the publicly-served client-side JavaScript bundle, making discovery trivial. No authentication, access code, API key, or user interaction is required. The vulnerability functions regardless of whether the ENABLE_MCP environment variable is set.
Source: https://github.com/ChatGPTNextWeb/NextChat/issues/6757
User: Yu.Bao (UID 97439)
Submitted: 17/04/2026 08:27 AM (2 months ago)
Moderation: 01/05/2026 06:34 PM (14 days later)
Status: Approved
VulDB Entry: 360756 [ChatGPTNextWeb NextChat up to 2.16.1 app/mcp/actions.ts addMcpServer privilege escalation]
Points: 20
