9 matches found
Remote Code Execution (RCE)
next-mdx-remote is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient sanitization of MDX content in the serialize function, which allows an attacker to execute arbitrary code...
CVE-2026-0969
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
@aliceoq/library-test (>=1.3.2 <=1.3.3), @bentwnghk/chat (>=1.61.0 <=1.107.2) +165 more potentially affected by CVE-2026-0969 via next-mdx-remote (>=4.4.1 <=5.0.0)
next-mdx-remote NPM version =4.4.1, =1.3.2, =1.61.0, =1.1.1, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =2.13.2, =0.0.3, =0.2.0, =0.0.66, =0.1.10, =0.1.11 - @graphcommerce/docs =3.1.4 and more Source cves: CVE-2026-0969 Source advisory: OSV:GHSA-G4XW-JXRG-5F6M...
CVE-2026-0969
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
@aliceoq/library-test (>=1.3.2 <=1.3.3), @bentwnghk/chat (>=1.61.0 <=1.107.2) +165 more potentially affected by CVE-2026-0969 via next-mdx-remote (>=4.4.1 <=5.0.0)
next-mdx-remote NPM version =4.4.1, =1.3.2, =1.61.0, =1.1.1, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =2.13.2, =0.0.3, =0.2.0, =0.0.66, =0.1.10, =0.1.11 - @graphcommerce/docs =3.1.4 and more Source cves: CVE-2026-0969 Source advisory: SNYK:JS-NEXTMDXREMOTE-15282839...
CVE-2026-0969
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...
PT-2026-7809
Name of the Vulnerable Software and Affected Versions next-mdx-remote versions 4.3.0 through 5.0.0 Description The serialize function within next-mdx-remote is susceptible to arbitrary code execution because of inadequate sanitization of MDX content. This allows untrusted MDX to execute JavaScrip...