Tag

Next.js

2 briefs RSS

Next.js Cache Components Vulnerable to Denial-of-Service via Connection Exhaustion (CVE-2026-44579)

Next.js applications using Partial Prerendering through Cache Components are vulnerable to connection exhaustion (CVE-2026-44579), where crafted POST requests to a server action trigger a request-body handling deadlock, consuming server capacity and leading to denial of service.

next +1 denial-of-service connection-exhaustion next.js cve-2026-44579

2r 1t 2h ago

high advisory

Next.js SSRF Vulnerability via WebSocket Upgrade Requests (CVE-2026-44578)

2 rules 1 TTP

Next.js applications using WebSocket upgrades are vulnerable to server-side request forgery (SSRF) through crafted WebSocket upgrade requests, allowing attackers to proxy requests to internal or external destinations, affecting self-hosted applications running versions npm/next (>= 13.4.13, < 15.5.16) and npm/next (>= 16.0.0, < 16.2.5).

next.js ssrf cve-2026-44578 websocket server-side request forgery

2r 1t 2h ago