Posts tagged “cve”

CVE-2026-44578: Next.js WebSocket SSRF

High-severity (CVSS 8.6) SSRF in the Next.js WebSocket upgrade handler lets unauthenticated attackers proxy GETs to internal services on port 80.