CVE-2026-44582

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,7

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

Description

AI Translation Available

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5.

328

Use of Weak Hash

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

Technologies: ICS/OT

View CWE Details

https://github.com/vercel/next.js/security/advisories/GHSA-…

https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949

CVE-2026-44582

Description

Use of Weak Hash

Common Consequences

Applicable Platforms

Iscriviti alla newsletter