CVE-2026-27977 | vercel next.js up to 16.1.6 /_next/webpack-hmr missing origin validation in websockets (GHSA-jcc7-9wpm-mj36)

A vulnerability was found in vercel next.js up to 16.1.6. It has been rated as problematic. The impacted element is an unknown function of the file /_next/webpack-hmr. Performing a manipulation results in missing origin validation in websockets.

This vulnerability is known as CVE-2026-27977. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More