High-severity Next.js flaw can expose cloud metadata and internal services

A high-severity vulnerability in Next.js can let attackers force vulnerable self-hosted servers to send requests to internal or external systems. The flaw is tracked as CVE-2026-44578 and affects self-hosted Next.js applications that use the built-in Node.js server. Vercel-hosted deployments are not affected, according to the official advisory. The issue creates a server-side request forgery risk […] The post High-severity Next.js flaw can expose cloud metadata and internal services appeared first on VPN Central.