Black & White Path

May 10, 2026 · Information Security

12 High‑Severity CVEs Simultaneously Disclosed Across All Next.js/React Versions

On May 8, 2026 security researcher dwisiswant0 released a GitHub repository containing proof‑of‑concept exploits for twelve newly fixed CVEs affecting all supported Next.js and React versions, including three high‑severity SSRF, authentication‑bypass, and DoS flaws that threaten most self‑hosted deployments.