Vulnerability Description
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.
CVSS Score
4.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vercel | Next.js | >= 13.4.0, < 15.5.16 |
Related Weaknesses (CWE)
References
- https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q (Mitigation, Vendor Advisory)
FAQ
What is CVE-2026-44581?
CVE-2026-44581 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site ...
How severe is CVE-2026-44581?
CVE-2026-44581 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-44581?
Check the references section above for vendor advisories and patch information. Affected products include: Vercel Next.js.