Vulnerability details: VCID-rx4e-7jj2-9udg
Vulnerability ID VCID-rx4e-7jj2-9udg
Aliases CVE-2023-46298
GHSA-c59h-r6p8-q9wc
Summary Next.js missing cache-control header may lead to CDN caching empty reply. Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Weaknesses (2)
No exploits are available.

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/ Found at https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/ Found at https://github.com/vercel/next.js/issues/45301

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:50:22Z/ Found at https://github.com/vercel/next.js/pull/54732
Exploit Prediction Scoring System (EPSS)
Percentile 0.61719
EPSS Score 0.00417
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:52:01.433406+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2023-46298.yml 38.0.0