AI Score
Confidence
High
EPSS
Percentile
24.2%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.