6 matches found
CVE-2023-46298
CVE-2023-46298 affects Next.js (pre-13.4.20-canary.13) where a missing cache-control header can allow empty prefetch responses to be cached by a CDN, enabling a denial of service for users accessing the same URL through that CDN. The available documents identify the affected product and the root ...
CVE-2025-32421
Next.js CVE-2025-32421 describes a race-condition in the Pages Router that, under certain misconfigurations, can cause endpoints to serve pageProps data instead of HTML. Affected versions are pre-14.2.24 and pre-15.1.6; patch versions 14.2.24 and 15.1.6 strip the x-now-route-matches header to mit...
CVE-2025-57822
CVE-2025-57822 (Next.js SSRF via next() in self-hosted environments) The connected documents confirm a concrete SSRF vulnerability in Next.js when next() is called without explicitly passing the request object, allowing headers to be forwarded insecurely in self-hosted middleware. Impact is descr...
CVE-2025-49826
CVE-2025-49826 affects Next.js (Next.js versions 15.0.4-canary.51 through, but not including, 15.1.8). The root cause is a cache poisoning flaw that can allow a HTTP 204 response for static pages to be cached and subsequently served to all users, yielding a DoS. The issue does not impact customer...
CVE-2025-55173
CVE-2025-55173 is a vulnerability in Next.js Image Optimization: attacker-controlled external image sources could cause content injection, enabling file downloads with arbitrary content/filenames under certain configurations and potentially aiding phishing. Affected versions are Next.js before 14...
CVE-2025-57752
CVE-2025-57752 affects Next.js image optimization API routes. The cache key confusion bug can cause responses that depend on request headers (e.g., Cookie/Authorization) to be cached and served to unauthorized users. Impact: potential exposure of image responses to unintended users. Affected vers...