Sorry, we don't support your browser.  Install a modern browser

Security vulnerability#482

My cyber security provider informed me of a vulnerability in your system because I have the white labeled domain. Please see below and patch as soon as possible.

Thank you!

We have determined that one or more of your assets are running a vulnerable version of Next.js. Multiple authentication bypass vulnerabilities have been discovered in React Server Components that are used by Next.js. These vulnerabilities allow attackers to access protected areas of an application — including admin panels, user accounts, and authenticated API endpoints — without valid credentials, potentially enabling unauthorized data access, account takeover, and exfiltration of sensitive records such as customer data and API keys. These bypasses can also serve as an entry point that chains with other application weaknesses to deepen a compromise.

The vulnerabilities are tracked as CVE-2026-44573, CVE-2026-44574, and CVE-2026-44575. Affected versions of Next.js are:

v12.2.0 up to (excluding) v15.5.16
v16.0.0 up to (excluding) v16.2.5

How to resolve:

Immediately update your Next.js systems to a patched version:

15.5.16
16.2.5
Web Application Firewalls are not able to protect systems from these vulnerabilities without potentially breaking application behavior.

References:

Cloudflare Advisory
CVE-2026-44573 Advisory
CVE-2026-44574 Advisory
CVE-2026-44575 Advisory

2 months ago