CNNVD-202601-4339 Information

CNNVD ID

CNNVD-202601-4339

Related CVE

CVE-2025-59471

• CNNVD Published: 2026-01-26

Description (Chinese)

Next.js是Vercel开源的一个 React 框架。 Next.js存在安全漏洞，该漏洞源于图像优化端点未强制执行最大大小限制，可能导致内存耗尽和拒绝服务。

Description (English)

Next.js is a react framework for Vercel ’s open source. Next.js has a security loophole, which stems from the failure of the image optimization endpoint to enforce maximum size limits, which may result in the depletion of memory and the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Vercel

Published

2026-01-26

Last Modified

2026-02-24

References

https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f

Patch

https://github.com/vercel/next.js/releases