Next.js May 2026 security release (opens in new tab)
Summary We have shipped a coordinated security release for Next\.js addressing 13 advisories across denial of service, middleware and proxy bypass, server-side request forgery, cache poisoning, and cross-site scripting\. One advisory addresses an upstream React Server Components vulnerability tracked as CVE-2026-23870 \. Recommended actions Patched versions are available for both React and Next\.js, and all affected users should upgrade immediately\. Impact The release addresses the following...
Read the original article