CVE-2026-27980
Next.js versions 10.0.0 through 16.1.6 expose an unbounded disk cache in the image optimization feature at /_next/image, allowing denial of service via cache growth. The root cause is a lack of an upper bound on the disk cache; the fix in v16.1.7 adds an LRU-backed disk cache and an eviction poli...