CNNVD-202601-4350 Information
Jan 26, 2026
cve
CNNVD ID
CNNVD-202601-4350
Related CVE
- CNNVD Published: 2026-01-26
Description (Chinese)
Next.js是Vercel开源的一个 React 框架。 Next.js存在安全漏洞,该漏洞源于PPR恢复端点存在无限制请求体缓冲和解压缩,可能导致内存耗尽和拒绝服务。
Description (English)
Next.js is a react framework for Vercel ’s open source. Next.js has a security loophole, which stems from an unlimited request buffer and decompression at the PPR restoration endpoint, which may lead to depletion of memory and denial of services.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Vercel
Published
2026-01-26
Last Modified
2026-02-24
References
https://github.com/vercel/next.js/security/advisories/GHSA-5f7q-jpqc-wp7h
Patch
https://github.com/vercel/next.js/releases
Share on: