Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hv3p-7mme-a7fe
Vulnerability ID VCID-hv3p-7mme-a7fe
Aliases CVE-2026-44579
GHSA-mg66-mrh9-m8jx
Summary Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-mg66-mrh9-m8jx
cvssv3.1 7.5 https://github.com/vercel/next.js
generic_textual HIGH https://github.com/vercel/next.js
cvssv3.1 7.5 https://github.com/vercel/next.js/releases/tag/v15.5.16
generic_textual HIGH https://github.com/vercel/next.js/releases/tag/v15.5.16
cvssv3.1 7.5 https://github.com/vercel/next.js/releases/tag/v16.2.5
generic_textual HIGH https://github.com/vercel/next.js/releases/tag/v16.2.5
cvssv3.1 7.5 https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx
cvssv3.1_qr HIGH https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx
generic_textual HIGH https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx
Reference id Reference type URL
https://github.com/vercel/next.js
https://github.com/vercel/next.js/releases/tag/v15.5.16
https://github.com/vercel/next.js/releases/tag/v16.2.5
GHSA-mg66-mrh9-m8jx https://github.com/advisories/GHSA-mg66-mrh9-m8jx
GHSA-mg66-mrh9-m8jx https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/vercel/next.js
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/vercel/next.js/releases/tag/v15.5.16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/vercel/next.js/releases/tag/v16.2.5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-12T18:39:03.405965+00:00 GHSA Importer Import https://github.com/advisories/GHSA-mg66-mrh9-m8jx 38.6.0