Homepage

next@16.2.5

The React Framework

  • latest version

    16.2.9

  • latest non vulnerable version

    16.3.0-preview.3

  • first published

    14 years ago

  • latest version published

    11 days ago

  • licenses detected

  • View next package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Authentication Bypass Using an Alternate Path or Channel

    next is a react framework.

    Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the middleware.ts with Turbopack enabled. An attacker can gain unauthorized access to protected resources by bypassing authentication mechanisms through specially crafted segment-prefetch routes.

    Note: This vulnerability relates to the incomplete fix of CVE-2026-44575

    How to fix Authentication Bypass Using an Alternate Path or Channel?

    Upgrade next to version 15.5.18, 16.2.6 or higher.

    >=15.2.0-canary.0 <15.5.18>=16.0.0-beta.0 <16.2.6
    Go back to all versions of this package