| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44580 |
medium |
6.1 |
6.1 |
15d ago |
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input |
|
| CVE-2026-44577 |
medium |
5.9 |
5.9 |
15d ago |
Next.js has a Denial of Service in the Image Optimization API |
|
| CVE-2026-44572 |
medium |
5.9 |
5.9 |
15d ago |
Next.js's Middleware / Proxy redirects can be cache-poisoned |
|
| CVE-2026-44576 |
medium |
5.4 |
5.4 |
15d ago |
Next.js vulnerable to cache poisoning in React Server Component responses |
|
| CVE-2026-44581 |
medium |
4.7 |
4.7 |
15d ago |
Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces |
|