Package impact
NPM / next
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44578 | high | 8.6 | 8.6 | 16d ago | Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades | |||
| CVE-2026-44574 | high | 8.1 | 8.1 | 16d ago | Next.js has a Middleware / Proxy bypass through dynamic route parameter injection | |||
| CVE-2026-45109 | high | 7.5 | 7.5 | 16d ago | Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up | |||
| CVE-2026-44579 | high | 7.5 | 7.5 | 16d ago | Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components | |||
| CVE-2026-44575 | high | 7.5 | 7.5 | 16d ago | Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes | |||
| CVE-2026-44573 | high | 7.5 | 7.5 | 16d ago | Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |