Package impact
NPM / next
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44578 | high | 8.6 | 8.6 | 15d ago | Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades | |
| CVE-2026-44574 | high | 8.1 | 8.1 | 15d ago | Next.js has a Middleware / Proxy bypass through dynamic route parameter injection | |
| CVE-2026-45109 | high | 7.5 | 7.5 | 15d ago | Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up | |
| CVE-2026-44579 | high | 7.5 | 7.5 | 15d ago | Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components | |
| CVE-2026-44575 | high | 7.5 | 7.5 | 15d ago | Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes | |
| CVE-2026-44573 | high | 7.5 | 7.5 | 15d ago | Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n |