7 matches found
CVE-2026-29057
creationtimestamp| type| source ---|---|--- 2026-07-08 23:25:03+00:00| seen| https://gist.github.com/itspokchop93/3608aed328d0052b908ae25501a3ecd0 2026-07-09 00:00:29+00:00| seen| https://gist.github.com/itspokchop93/3608aed328d0052b908ae25501a3ecd0...
ROOT-APP-NPM-CVE-2026-29057 CVE-2026-29057 in @rootio/next - Patched by Root
Root has patched CVE-2026-29057 in the @rootio/next package for Root:npm. Multiple fixed versions available...
CVE-2026-29057 vulnerabilities
Vulnerabilities for packages: langfuse, jitsucom-jitsu...
Next.js Framework 9.5.x < 15.5.3 / 16.x < 16.1.7 HTTP Request Smuggling (GHSA-ggv3-7p47-pfv8)
The Next.js Framework on the remote host is affected by an HTTP request smuggling vulnerability: - A vulnerability exists in Next.js proxy rewrites where a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. An...
CVE-2026-29057
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
CVE-2026-29057 Next.js: HTTP request smuggling in rewrites
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
Linux Distros Unpatched Vulnerability : CVE-2026-29057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites...