CVE-2026-29057 | vercel next.js up to 15.5.12/16.1.6 request smuggling (GHSA-ggv3-7p47-pfv8)

A vulnerability, which was classified as critical, has been found in vercel next.js up to 15.5.12/16.1.6. Affected by this issue is some unknown functionality. Performing a manipulation results in http request smuggling.

This vulnerability is cataloged as CVE-2026-29057. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More