CVE lookup
CVE-2025-29927
Pruva has a verified reproduction for CVE-2025-29927: Next.js middleware authorization bypass via x-middleware-subrequest. The canonical evidence record is REPRO-2026-00198.
REPRO
REPRO-2026-00198
Package
next · npm
Severity
CRITICAL
Status
published