Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-13T15:57:15 next.js: Next.js: Denial of Service due to improper handling of x-nextjs-data header with redirects 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-444

A flaw was found in Next.js. An external client could exploit this vulnerability by sending a x-nextjs-data header on a request to a path handled by middleware that returns a redirect. This action could cause the middleware or proxy to incorrectly process the request as a data request, replacing the standard Location redirect header with an internal x-nextjs-redirect header. If the application is deployed behind a caching Content Delivery Network (CDN) or reverse proxy, a malicious request could poison the cached redirect response, leading to a denial of service for subsequent visitors attempting to access the affected path.

To mitigate this issue, configure any caching Content Delivery Network (CDN) or reverse proxy deployed in front of Next.js applications to either not cache 3xx redirect responses for paths handled by middleware, or to ensure that the cache key for 3xx responses explicitly varies on the `x-nextjs-data` header. This prevents an attacker from poisoning the cache with an unusable redirect response. Consult your CDN or reverse proxy documentation for specific configuration instructions. A service reload or restart of the CDN/reverse proxy may be required for changes to take effect. Red Hat Enterprise Linux 10 Fix deferred firefox Red Hat Enterprise Linux 10 Fix deferred thunderbird Red Hat Enterprise Linux 7 Fix deferred firefox Red Hat Enterprise Linux 8 Fix deferred firefox Red Hat Enterprise Linux 8 Fix deferred thunderbird Red Hat Enterprise Linux 9 Fix deferred firefox Red Hat Enterprise Linux 9 Fix deferred thunderbird Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/bootc-gaudi-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/bootc-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Fix deferred rhelai3/disk-image-cuda-rhel9 Red Hat Trusted Artifact Signer Fix deferred rhtas/rekor-search-ui-rhel9 streams for Apache Kafka 2 Fix deferred next streams for Apache Kafka 3 Affected next https://www.cve.org/CVERecord?id=CVE-2026-44572 https://nvd.nist.gov/vuln/detail/CVE-2026-44572 https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq