4 matches found
CVE-2026-29057
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
CVE-2026-29057
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
Linux Distros Unpatched Vulnerability : CVE-2026-29057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites...
HTTP Request Smuggling
Overview next is a react framework. Affected versions of this package are vulnerable to HTTP Request Smuggling during the rewrite of the proxy traffic to an external backend. An attacker can access unintended backend routes by sending crafted DELETE or OPTIONS requests with Transfer-Encoding:...