CVE-2026-44578
AI description
CVE-2026-44578 is a Server-Side Request Forgery (SSRF) vulnerability that affects self-hosted Next.js applications using the built-in Node.js server. The flaw is triggered by specially crafted WebSocket upgrade requests. An attacker can exploit it to make the affected server proxy requests to arbitrary internal or external destinations, which could expose internal network resources or cloud metadata endpoints. Vercel-hosted deployments are not affected by this vulnerability. The resolution applies to WebSocket upgrade handling the same safety checks that are already present for standard HTTP requests.
Hype score: 1
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
⚠️ Vulnerabilities in Next.js products ❗ CVE-2026-44578 ❗ CVE-2026-44574 ❗ CVE-2026-44573 ➡️ More info: https://t.co/0U8Att9UKf https://t.co/xSWb6rTBgI
@CERTpy
12 May 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 High - Next.js Multiple Vulnerabilities (CVE-2026-44573, CVE-2026-44574, CVE-2026-44575, CVE-2026-44578, CVE-2026-44579, CVE-2026-45109) Multiple issues were identified in Next.js affecting App Router, Pages Router, Server Components, WebSockets, and caching mechanisms. The
@UpwindMDR
11 May 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Next.js v16.2.4 Security PoC Collection CVE-2026-23870 CVE-2026-44575 CVE-2026-44579 CVE-2026-44574 CVE-2026-44578 CVE-2026-44573 CVE-2026-44581 CVE-2026-44580 CVE-2026-44577 CVE-2026-44576 CVE-2026-44582 CVE-2026-44572 https://t.co/255KwkLd0c via: Pr0xy
@Psycho10k_
11 May 2026
1975 Impressions
8 Retweets
43 Likes
28 Bookmarks
0 Replies
0 Quotes