PoC Archive

Tag: Next.js

Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182 · Next.js (App Router with React Server Components), React · patched

Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572 · Next.js Pages Router (redirect handling via middleware or next.config.js) · patched

High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578 · Next.js standalone router server (next start) · unpatched

High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870 · Next.js App Router (React server-action / RSC reply parser) · unpatched

Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576 · Next.js App Router deployments using React Server Components (RSC) behind shared caches · patched

Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582 · Next.js App Router · patched

Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577 · Next.js Image Optimization API (/_next/image) on self-hosted deployments · unpatched

High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573 · Next.js Pages Router with i18n configuration · unpatched

High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574 · Next.js App Router with dynamic route segments and middleware-based access control · unpatched

Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581 · Next.js App Router applications using CSP nonces · patched

High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579 · Next.js applications using Cache Components / Partial Prerendering (PPR) · patched

Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580 · Next.js applications using next/script with strategy="beforeInteractive" · patched

High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575 · Next.js App Router applications that rely on middleware.ts matchers to protect routes · patched

Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927 · Next.js (Vercel) · patched