Authentication bypass using an alternate path or channel in Next.js - #VU130277

Published: May 6, 2026


Vulnerability identifier: #VU130277
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-288
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Next.js
Software vendor:
vercel

Description

The vulnerability allows a remote user to bypass authorization checks and access protected content.

The vulnerability exists because the middleware protection for dynamic routes can be bypassed through an alternate path or channel (CWE-288) when requests carrying specially crafted query parameters are handled. A remote user with low privileges (PR:L in the CVSS vector) can send such query parameters to bypass the authorization checks performed by the middleware and access protected content.

The issue affects applications that rely on middleware path matching to protect dynamic routes.


Remediation

Install the security update from the vendor's website.

External links