Topic

#next-js

1 article exploring next-js. Expert insights and analysis from our editorial team.

Showing 1–1 of 1 articles
Related topics:
ssrf websocket cve self-hosted vulnerability patch-management

Articles

Newest first
Security

Next.js CVE-2026-44578: WebSocket Upgrade SSRF Hits 79,000 Self-Hosted Instances From 13.4.13 Onward

Next.js 15.5.16 and 16.2.5 patch an unauthenticated WebSocket upgrade SSRF. A single absolute-form URL request proxies internal traffic, exposing 79,000 self-hosted instances.
Browse All Topics