CVE-2026-44578 – Next.js
CVSS 8.6
IMPORTANT
“A weakness in the web framework can turn every app built on it into a potential entry point.”
This patch addresses CVE-2026-44578 in Next.js, a High severity vulnerability (CVSS 8.6) that affects how server-side logic processes user input. The issue could allow attackers to manipulate requests in a way that leads to unauthorized actions or unintended execution paths within applications built on the framework.
No verified exploitation has been confirmed. However, because Next.js is widely used in modern web applications, especially for server-side rendering and API routes, the impact could extend across multiple services if left unpatched.
Key Details
- Affected Product: Vercel Next.js
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-918