CVE-2026-44578 | vercel next.js up to 15.5.15/16.2.4 WebSocket server-side request forgery (GHSA-c4j6-fc7j-m34r)

A vulnerability, which was classified as critical, has been found in vercel next.js up to 15.5.15/16.2.4. This affects an unknown function of the component WebSocket Handler. This manipulation causes server-side request forgery.

The identification of this vulnerability is CVE-2026-44578. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More