Product
high
advisory
Next.js i18n Pages Router Middleware Authentication Bypass (CVE-2026-44573)
2 rules 1 TTPNext.js applications using the Pages Router with `i18n` and middleware-based authorization are vulnerable to an authentication bypass (CVE-2026-44573), allowing unauthorized access to protected page data via locale-less `/_next/data/<buildId>/<page>.json` requests.
next +1
nextjs
authentication-bypass
vulnerability
2r
1t
high
advisory
Next.js Middleware Authorization Bypass via Dynamic Route Parameter Injection (CVE-2026-44574)
2 rules 1 TTPA vulnerability in Next.js (CVE-2026-44574) allows for authorization bypass in applications that use middleware to protect dynamic routes, enabling attackers to render protected content without proper authorization by crafting specific query parameters.
next +1
nextjs
middleware
authorization
bypass
CVE-2026-44574
cloud
2r
1t