Next.js: 15.5.19 → 16.2.6
Vercel · upgrade impact · Official site ↗
Fixed by upgrading to 16.2.6 iVulnerabilities that affect 15.5.19 but no longer affect 16.2.6 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2026-27980 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2025-59472 MEDIUM EPSS 0% ✓ cleared in 16.2.6