A security vulnerability in Next.js was responsibly disclosed, which allows malicious actors to bypass authorization in Middleware when targeting the
Vercel customers are not affected. We still recommend updating to the patched versions. Learn more about CVE-2025-29927.
Read more
Continue reading...
x-middleware-subrequest header.Vercel customers are not affected. We still recommend updating to the patched versions. Learn more about CVE-2025-29927.
Read more
Continue reading...