NextChat · CVE-2026-7644
**Name of the Vulnerable Software and Affected Versions**
ChatGPTNextWeb NextChat versions prior to 2.16.2
**Description**
Improper authorization exists in the `addMcpServer()` function in the `app/mcp/actions.ts` file: the function does not adequately verify that the caller is permitted to perform the action before carrying it out. The flaw is exploitable remotely and allows an attacker to bypass the application's authorization controls.
**Recommendations**
Update to a version newer than 2.16.1.
As a temporary workaround, restrict access to the `addMcpServer()` function until a patch is applied.