Shatha
1.5K posts
CVE-2026-44578 ⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6) A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler. By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data. Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4 Mitigation: Upgrade immediately to 15.5.16 or 16.2.5. Modat Magnify Query: technology="Next.js" The platform: magnify.modat.io #threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
ترا في الواقع اجمل من الصوره ونتفه شفتها بالواقع عن قرب
الجداوي نوعين
