Next.js: 13.5.11 → 16.2.6
Vercel · upgrade impact · Official site ↗
Fixed by upgrading to 16.2.6 iVulnerabilities that affect 13.5.11 but no longer affect 16.2.6 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2025-55184 HIGH EPSS 66% ✓ cleared in 16.2.6 CVE-2025-67779 HIGH EPSS 19% ✓ cleared in 16.2.6 CVE-2024-34351 HIGH EPSS 5% ✓ cleared in 16.2.6 CVE-2024-51479 HIGH EPSS 4% ✓ cleared in 16.2.6 CVE-2026-44578 HIGH EPSS 3% ✓ cleared in 16.2.6 CVE-2025-57822 MEDIUM EPSS 2% ✓ cleared in 16.2.6 CVE-2024-47831 MEDIUM EPSS 1% ✓ cleared in 16.2.6 CVE-2026-27980 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2025-32421 LOW EPSS 1% ✓ cleared in 16.2.6 CVE-2025-55173 MEDIUM EPSS 1% ✓ cleared in 16.2.6 CVE-2025-59471 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-29057 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44577 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44573 HIGH EPSS 0% ✓ cleared in 16.2.6 CVE-2025-57752 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44581 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44580 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44582 LOW EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44572 LOW EPSS 0% ✓ cleared in 16.2.6 CVE-2025-48068 MEDIUM EPSS 0% ✓ cleared in 16.2.6