tag
App-Router
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870
Next.js App Router (React server-action / RSC reply parser)
unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574
Next.js App Router with dynamic route segments and middleware-based access control
unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581
Next.js App Router applications using CSP nonces
patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580
Next.js applications using next/script with strategy="beforeInteractive"
patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575
Next.js App Router applications that rely on middleware.ts matchers to protect routes
patched