next 15.0.0-canary.99

1 security vulnerability found in version 15.0.0-canary.99

Next.js Improper Middleware Redirect Handling Leads to SSRF

medium severity CVE-2025-57822
Affected versions: >= 15.0.0.pre.canary.0, < 15.4.7

A vulnerability in Next.js Middleware has been fixed in v14.2.32 and v15.4.7. The issue occurred when request headers were directly passed into NextResponse.next(). In self-hosted applications, this could allow Server-Side Request Forgery (SSRF) if certain sensitive headers from the incoming request were reflected back into the response.

All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.

More details at Vercel Changelog

No license issues detected.


This package version has a license in the source code.

This package version is available.


This package version has not been yanked and is still available for usage.