tag
Cache-Poisoning
High
nghttpx HTTP/1.1 Upgrade Request Body Response Queue Poisoning
None assigned as of 2026-07-03·
nghttp2's nghttpx reverse proxy
patched
High
Next.js unstable_cache Object-Argument Cache-Key Collision
None assigned as of 2026-07-03·
Next.js (App Router, Data Cache)
unpatched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572·
Next.js Pages Router (redirect handling via middleware or next.config.js)
patched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576·
Next.js App Router deployments using React Server Components (RSC) behind shared caches
patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582·
Next.js App Router
patched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581·
Next.js App Router applications using CSP nonces
patched