CVE-2026-44581

Next.js

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-44581 describes a cross-site scripting (XSS) vulnerability affecting Next.js App Router applications that employ Content Security Policy (CSP) nonces. This flaw is particularly noteworthy as it exploits a mechanism specifically designed to prevent XSS attacks, effectively turning CSP nonces against their intended purpose. The vulnerability impacts React's server component packages, including `react-server-dom-webpack`, `react-server-dom-parcel`, and `react-server-dom-turbopack`, for which patched versions have been released.

Description
-

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. Next.js v16.2.4 Security PoC Collection CVE-2026-23870 CVE-2026-44575 CVE-2026-44579 CVE-2026-44574 CVE-2026-44578 CVE-2026-44573 CVE-2026-44581 CVE-2026-44580 CVE-2026-44577 CVE-2026-44576 CVE-2026-44582 CVE-2026-44572 https://t.co/255KwkLd0c via: Pr0xy

    @Psycho10k_

    11 May 2026

    1975 Impressions

    8 Retweets

    43 Likes

    28 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. CVE-2026-44573
  2. CVE-2026-44574
  3. CVE-2026-44575
  4. CVE-2026-44578
  5. CVE-2026-44579

References

Sources include official advisories and independent security research.