CVE-2026-40299
The CVE-2026-40299 issue affects the next-intl library used with Next.js. The vulnerability arises in the middleware when localePrefix: 'as-needed' is enabled, allowing URL handling and the WHATWG URL parser to resolve a relative redirect target to another host. This can cause the browser to be r...