Exploit for Server-Side Request Forgery in Vercel Next.Js

🗓️ 16 May 2026 10:15:20Reported by dinosnType

githubexploit

githubexploit🔗 github.com👁 156 Views

Pre-auth server side request forgery in self-hosted Next.js exposes local services and credentials.

Reporter	Title	Published	Views	Family All 28
GithubExploit	Exploit for Server-Side Request Forgery in Vercel Next.Js	1 Jun 202605:34	–	githubexploit
GithubExploit	Exploit for CVE-2026-23870	7 May 202623:00	–	githubexploit
GithubExploit	patch-to-exploit	26 May 202616:02	–	githubexploit
GithubExploit	Exploit for Server-Side Request Forgery in Vercel Next.Js	20 Jun 202610:33	–	githubexploit
GithubExploit	Exploit for Server-Side Request Forgery in Vercel Next.Js	15 May 202605:02	–	githubexploit
GithubExploit	Exploit for Server-Side Request Forgery in Vercel Next.Js	15 May 202609:02	–	githubexploit
GithubExploit	HackTheBox	7 Jun 202617:19	–	githubexploit
GithubExploit	Exploit for Server-Side Request Forgery in Vercel Next.Js	15 May 202617:14	–	githubexploit
BDU FSTEC	The vulnerability of the Next.js software platform for creating web applications stems from insufficient validation of requests on the server side. This allows attackers to gain unauthorized access to protected information.	18 May 202600:00	–	bdu_fstec
Chainguard	CVE-2026-44578 vulnerabilities	13 May 202601:17	–	cgr

16 May 2026 10:23Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.6

EPSS0.37756

SSVC

server side request forgery next js self hosted deployments websocket upgrade local host exposure credentials exposure