This cracked me up. Good thing I've already moved away from Next.js.
CVE-2026-44578
⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)
A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.
By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.
Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4
Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.
Modat Magnify Query:
technology="Next.js"
The platform:
https://magnify.modat.io/
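CVEs have been really lively lately.
I looked at the list for Trump's visit to China, and not a single person from our channel is on it! That list! I went through it three times over! Our channel, completely wiped out! Not one! Not a single one!!! I hope everyone does more meaningful things instead of idling their days away! Trump came, and you top talents didn't even get near it? Every one of you puts on such airs, and this is all you can do? This? I am so disappointed, truly so disappointed! Starting today, all of you pull yourselves together! Next time there is an international occasion like this, I don't demand that you all make the list, but at least, at the very least, let everyone know that we received an invitation!!!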