CVE-2026-44573
AI description
CVE-2026-44573 is identified as a Pages Router i18n Middleware Bypass vulnerability affecting applications built with Next.js. This flaw specifically impacts applications that utilize the Pages Router with internationalization (i18n) configured in conjunction with middleware-based authorization. The vulnerability allows locale-less requests to `/next/data/<buildId>/<page>.json` to completely bypass the middleware. This bypass enables attackers to retrieve server-side rendered JSON data for pages that should otherwise be protected by authorization checks. To address this, the matcher logic has been updated to ensure consistent matching for both prefixed and unprefixed data routes.
- Description
- -
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
⚠️ Vulnerabilidades en productos Next.js ❗ CVE-2026-44578 ❗ CVE-2026-44574 ❗ CVE-2026-44573 ➡️ Más info: https://t.co/0U8Att9UKf https://t.co/xSWb6rTBgI
@CERTpy
12 May 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 High - Next.js Multiple Vulnerabilities (CVE-2026-44573, CVE-2026-44574, CVE-2026-44575, CVE-2026-44578, CVE-2026-44579, CVE-2026-45109) Multiple issues were identified in Next.js affecting App Router, Pages Router, Server Components, WebSockets, and caching mechanisms. The
@UpwindMDR
11 May 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Next.js v16.2.4 Security PoC Collection CVE-2026-23870 CVE-2026-44575 CVE-2026-44579 CVE-2026-44574 CVE-2026-44578 CVE-2026-44573 CVE-2026-44581 CVE-2026-44580 CVE-2026-44577 CVE-2026-44576 CVE-2026-44582 CVE-2026-44572 https://t.co/255KwkLd0c via: Pr0xy
@Psycho10k_
11 May 2026
1975 Impressions
8 Retweets
43 Likes
28 Bookmarks
0 Replies
0 Quotes