CVE-2026-44574 | vercel next.js up to 15.5.15/16.2.4 Query authentication bypass

A vulnerability classified as critical was found in vercel next.js up to 15.5.15/16.2.4. Affected by this issue is some unknown functionality of the component Query Handler. Such manipulation leads to authentication bypass using alternate channel.

This vulnerability is referenced as CVE-2026-44574. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More