Synced 16 Jun 2026 15:24 UTC Account
← Next.js

Next.js: 14.2.35 16.2.6

Vercel · upgrade impact · Official site ↗
From14.2.3511 known issues To16.2.60 known issues

Fixed by upgrading to 16.2.6 iVulnerabilities that affect 14.2.35 but no longer affect 16.2.6 — the security gain from this upgrade, by exploited status then exploitation probability.

Exploited first, then by exploitation probability (EPSS).

CVE-2026-44578 HIGH EPSS 3% ✓ cleared in 16.2.6 CVE-2026-27980 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2025-59471 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-29057 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44577 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44573 HIGH EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44576 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44581 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44580 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44582 LOW EPSS 0% ✓ cleared in 16.2.6 CVE-2026-44572 LOW EPSS 0% ✓ cleared in 16.2.6