4876 matches found
CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
Next.js security vulnerability
Next.js is an open-source React framework from Vercel. Versions of Next.js from 14.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities stem from improperly partitioning response variants when using React Server Components, which can lead to cache...
Malicious code in afk-react-intl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 807b3bc717a7c8f60ecb69d7653fd0942431e9e6adf27cb34e2f68b4bae06cec The OpenSSF Package Analysis project identified 'afk-react-intl' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...
MAL-2026-3616 Malicious code in afk-react-intl (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 807b3bc717a7c8f60ecb69d7653fd0942431e9e6adf27cb34e2f68b4bae06cec The OpenSSF Package Analysis project identified 'afk-react-intl' @ 99.99.99 npm as malicious. It is considered malicious because: - The package...
@uipath/ap-chat (=1.5.6) potentially affected by unknown CVE via @uipath/apollo-react (=4.24.2)
@uipath/apollo-react NPM version =4.24.2 is affected by a known vulnerability. The following packages have a transitive dependency on @uipath/apollo-react and may be impacted: - @uipath/ap-chat =1.5.6 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3532...
Malicious code in @uipath/apollo-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 235b3abc1afad9d8a47430183286bbef61e16f74be20b29c7d967a8d528ecdf4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@uipath/ap-chat (>=1.4.6 <=1.5.6), @uipath/apollo-react (>=3.26.1 <=4.24.2) +4 more potentially affected by unknown CVE via @uipath/apollo-core (>=5.6.2 <=5.9.1)
@uipath/apollo-core NPM version =5.6.2, =1.4.6, =3.26.1, =0.7.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3531...
Malicious code in @tanstack/react-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006982dd9591684fdcea74c0b70c7600a22bfc969bac6b9fb64f728e7ab34d80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3468 Malicious code in @tanstack/react-start (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 006982dd9591684fdcea74c0b70c7600a22bfc969bac6b9fb64f728e7ab34d80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 048a583947c3ecbeb540293e0de5d513e84f0ea2793ca31ee5d2a76d4f750ddd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +92 more potentially affected by unknown CVE via @tanstack/react-start-server (>=1.121.0-alpha.28 <=1.166.52)
@tanstack/react-start-server NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3471...
MAL-2026-3471 Malicious code in @tanstack/react-start-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 048a583947c3ecbeb540293e0de5d513e84f0ea2793ca31ee5d2a76d4f750ddd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3470 Malicious code in @tanstack/react-start-rsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-start-rsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54678e0e02befdbc43f928e36fa9a25991d3eb222775849d4225eab0480904f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3469 Malicious code in @tanstack/react-start-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8358ce998650baf1a9cb6bb602109da81268c43855ad0b16f892687cc89f104d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69), @8btc/office-assistant-mcp (>=0.0.1 <=0.0.26-beta.1) +457 more potentially affected by unknown CVE via @tanstack/react-router (>=1.0.0 <=1.169.2)
@tanstack/react-router NPM version =1.0.0, =0.0.1, =0.0.1, =0.1.0, =0.2.0, =1.0.0, =0.0.1-alpha.14, =0.1.0, =0.0.2-canary.11, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =0.18.0, =0.19.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3465...
MAL-2026-3465 Malicious code in @tanstack/react-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/react-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b329cb477cc0d977f9e8e6df59072ea002d6d041b99531596fbd87b8ff80aefd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...