First reported by Cloudflare
Workers, Pages, WAF - New Managed WAF rule for Next.js CVE-2025-29927.
CVE-2025-29927 Authorization Bypass in Next.js Middleware
1y agoen
Source
SnykCVE-2025-29927 Authorization Bypass in Next.js Middlewaresnyk.ioOn Friday morning, March 21, 2025, at 9:00 a.m. UTC, a security advisory identified as CVE-2025-29927 was published. It cited a critical 9.1 severity vulnerability for mainstream Next.js applications.
You might also wanna read

WAF - WAF Release - 2026-05-07 - Emergency
Cloudflare·2mo ago

Workers, Pages, WAF - New Managed WAF rule for Next.js CVE-2025-29927.
Cloudflare·1y ago
Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10
Next.js Security Update: Two New React Server Component Vulnerabilities Identified
Two new security vulnerabilities (CVE-2025-55183 and CVE-2025-55184) have been discovered in React Server Components (RSC) protocol, affecti
Critical React Vulnerability (CVE-2025-55182) Enables Remote Code Execution in React 19 and Next.js
A critical security vulnerability (CVE-2025-55182) has been discovered in React Server Components' 'Flight' protocol, affecting React 19 and

WAF - WAF Release - 2025-08-29 - Emergency
Cloudflare·10mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.