Tag: middleware

All the articles with the tag "middleware".

• Middleware Authorization Bypass: Skipping Next.js Auth with a Single Header (CVE-2025-29927)

  kOaDT

  21 Mar, 2026

  Exploiting CVE-2025-29927 to bypass Next.js middleware-based authentication using the x-middleware-subrequest internal header, accessing a protected internal status page without credentials.