2 matches found
CVE-2026-40299
A flaw was found in next-intl, a library for internationalization in Next.js applications. A remote attacker could exploit this vulnerability in applications using the next-intl middleware with localePrefix: 'as-needed'. By crafting specific URLs, the attacker could cause the middleware to redire...
CVE-2026-40299 next-intl has an open redirect vulnerability
next-intl provides internationalization for Next.js. Applications using the next-intl middleware prior to version 4.9.1with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or...