CVE-2026-45109 Next.js: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6...

CVE-2026-45109

This CVE relates to Next.js prior to fixes: from 15.2.0 to before 15.5.18 and 16.2.6, the fix for CVE-2026-44575 did not apply to middleware.ts with Turbopack. The vulnerability is fixed in Next.js versions 15.5.18 and 16.2.6. Affected software: Next.js (Next.js framework for full‑stack apps). Un...

OPENSUSE-SU-2024:11652-1 ceph-16.2.6.463+g22e7612f9ad-1.1 on GA media

These are all security issues fixed in the ceph-16.2.6.463+g22e7612f9ad-1.1 package on the GA media of openSUSE Tumbleweed...