tag
Next.js
Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182 · Next.js (App Router with React Server Components), React
patched
Low
Next.js x-nextjs-data Cache Poisoning (CVE-2026-44572)
CVE-2026-44572 · Next.js Pages Router (redirect handling via middleware or next.config.js)
patched
High
Next.js WebSocket Upgrade SSRF (Self-Hosted) (CVE-2026-44578)
CVE-2026-44578 · Next.js standalone router server (next start)
unpatched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870 · Next.js App Router (React server-action / RSC reply parser)
unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576 · Next.js App Router deployments using React Server Components (RSC) behind shared caches
patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582 · Next.js App Router
patched
Medium
Next.js Image Optimization API OOM DoS (Self-Hosted) (CVE-2026-44577)
CVE-2026-44577 · Next.js Image Optimization API (/_next/image) on self-hosted deployments
unpatched
High
Next.js i18n Middleware Bypass (CVE-2026-44573)
CVE-2026-44573 · Next.js Pages Router with i18n configuration
unpatched
High
Next.js Dynamic Route Injection Auth Bypass (CVE-2026-44574)
CVE-2026-44574 · Next.js App Router with dynamic route segments and middleware-based access control
unpatched
Medium
Next.js CSP Nonce Cache-Poisoned XSS (CVE-2026-44581)
CVE-2026-44581 · Next.js App Router applications using CSP nonces
patched
High
Next.js Cache Components Connection Exhaustion DoS (CVE-2026-44579)
CVE-2026-44579 · Next.js applications using Cache Components / Partial Prerendering (PPR)
patched
Medium
Next.js beforeInteractive Script XSS (CVE-2026-44580)
CVE-2026-44580 · Next.js applications using next/script with strategy="beforeInteractive"
patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575 · Next.js App Router applications that rely on middleware.ts matchers to protect routes
patched
Critical
Next.js Corrupt Middleware Auth Bypass (CVE-2025-29927)
CVE-2025-29927 · Next.js (Vercel)
patched