2 matches found
CVE-2026-40299
next-intl provides internationalization for Next.js. Applications using the next-intl middleware prior to version 4.9.1with localePrefix: 'as-needed' could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host e.g. scheme-relative // or...
CVE-2026-40299
The CVE-2026-40299 issue affects the next-intl library used with Next.js. The vulnerability arises in the middleware when localePrefix: 'as-needed' is enabled, allowing URL handling and the WHATWG URL parser to resolve a relative redirect target to another host. This can cause the browser to be r...