| CVE-2026-44578 |
high |
8.6 |
8.6 |
15d ago |
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades |
|
| CVE-2026-44574 |
high |
8.1 |
8.1 |
15d ago |
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection |
|
| CVE-2026-45109 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up |
|
| CVE-2026-44579 |
high |
7.5 |
7.5 |
15d ago |
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components |
|
| CVE-2026-44575 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes |
|
| CVE-2026-44573 |
high |
7.5 |
7.5 |
15d ago |
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |
|
| CVE-2026-44582 |
low |
3.7 |
3.7 |
15d ago |
Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting |
|