Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

JavaScript Library

Next.js

Next.js gives you the best developer experience with all the features you need for production: hybrid static amp server rendering TypeScript support smart bundling route pre-fetching and more.

Official Site:

https://nextjs.org/

Severity Summary:

Critical: 2 High: 26 Medium: 20 Low: 3
Reference
Title
Severity
CVE-2026-27978
Next.js Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2026-44577
Next.js Allocation of Resources Without Limits or Throttling Vulnerability
Medium
CVE-2026-44576
Next.js Interpretation Conflict Vulnerability
Medium
CVE-2026-27977
Next.js Missing Origin Validation in WebSockets Vulnerability
Medium
CVE-2020-5284
Next.js Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2026-29057
Next.js Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Medium
CVE-2025-55183
Next.js Vulnerability
Medium
CVE-2018-18282
Next.js Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-56332
Next.js Allocation of Resources Without Limits or Throttling Vulnerability
Medium
CVE-2025-30218
Next.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2025-48068
Next.js Missing Origin Validation in WebSockets Vulnerability
Medium
CVE-2025-55173
Next.js Improper Input Validation Vulnerability
Medium
CVE-2025-57752
Next.js Use of Cache Containing Sensitive Information Vulnerability
Medium
CVE-2020-15242
Next.js URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2021-37699
Next.js URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2021-39178
Next.js Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-36046
Next.js Improper Check for Unusual or Exceptional Conditions Vulnerability
Medium
CVE-2026-44572
Next.js Acceptance of Extraneous Untrusted Data With Trusted Data Vulnerability
Medium
CVE-2025-49005
Next.js Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Low
CVE-2025-32421
Next.js Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Low
CVE-2026-44582
Next.js Use of Weak Hash Vulnerability
Low