Tag: next.js
All the articles with the tag "next.js".
-
Middleware Authorization Bypass: Skipping Next.js Auth with a Single Header (CVE-2025-29927)
Exploiting CVE-2025-29927 to bypass Next.js middleware-based authentication using the x-middleware-subrequest internal header, accessing a protected internal status page without credentials.
