Synced 16 Jun 2026 15:24 UTC Account
← Next.js

Next.js: 12.3.7 16.2.6

Vercel · upgrade impact · Official site ↗
From12.3.713 known issues To16.2.60 known issues

Fixed by upgrading to 16.2.6 iVulnerabilities that affect 12.3.7 but no longer affect 16.2.6 — the security gain from this upgrade, by exploited status then exploitation probability.

Exploited first, then by exploitation probability (EPSS).

CVE-2024-51479 HIGH EPSS 4% ✓ cleared in 16.2.6 CVE-2025-57822 MEDIUM EPSS 2% ✓ cleared in 16.2.6 CVE-2023-46298 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2024-47831 MEDIUM EPSS 1% ✓ cleared in 16.2.6 CVE-2026-27980 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2025-32421 LOW EPSS 1% ✓ cleared in 16.2.6 CVE-2025-55173 MEDIUM EPSS 1% ✓ cleared in 16.2.6 CVE-2025-59471 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-29057 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44577 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44573 HIGH EPSS 0% ✓ cleared in 16.2.6 CVE-2025-57752 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44572 LOW EPSS 0% ✓ cleared in 16.2.6