Skip to content

CVE lookup

CVE-2025-29927

Pruva has a verified reproduction for CVE-2025-29927: Next.js middleware authorization bypass via x-middleware-subrequest. The canonical evidence record is REPRO-2026-00198.

REPRO

REPRO-2026-00198

Package

next · npm

Severity

CRITICAL

Status

published