Product

Next (>= 15.4.0, < 15.5.16)

1 brief RSS

Next.js Middleware Authorization Bypass via Dynamic Route Parameter Injection (CVE-2026-44574)

A vulnerability in Next.js (CVE-2026-44574) allows for authorization bypass in applications that use middleware to protect dynamic routes, enabling attackers to render protected content without proper authorization by crafting specific query parameters.

next +1 nextjs middleware authorization bypass CVE-2026-44574 cloud

2r 1t 2h ago