Next.js: 9.5.5 → 16.2.6
Vercel · upgrade impact · Official site ↗
Fixed by upgrading to 16.2.6 iVulnerabilities that affect 9.5.5 but no longer affect 16.2.6 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2024-51479 HIGH EPSS 4% ✓ cleared in 16.2.6 CVE-2025-57822 MEDIUM EPSS 2% ✓ cleared in 16.2.6 CVE-2023-46298 HIGH EPSS 1% ✓ cleared in 16.2.6 CVE-2025-32421 LOW EPSS 1% ✓ cleared in 16.2.6 CVE-2025-55173 MEDIUM EPSS 1% ✓ cleared in 16.2.6 CVE-2026-29057 MEDIUM EPSS 0% ✓ cleared in 16.2.6 CVE-2025-57752 MEDIUM EPSS 0% ✓ cleared in 16.2.6