Synced 16 Jun 2026 15:24 UTC Account

Is Next.js 10.2.3 patched?

Vercel · cycle 10.2 · Official site ↗
10.2.350/100Attention

Current stable (16.2.9): 100/100

Minimum safe version16.2.6

10.2.3 has 4 open critical-or-high vulnerabilities. Run 16.2.6 or later to clear them. See what 16.2.6 fixes →

Health score50/100
Open issues13
Exploited now0
Cycle 10.2 EOL
Latest release16.2.9

Summary iPlain-English security status for Next.js 10.2.3, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Next.js 10.2.3 is part of the 10.2 release line. 13 known vulnerabilities affect it. The minimum safe version is 16.2.6 — upgrade to it or later to clear the open critical/high issues. The latest supported Next.js release is 16.2.9.

Known issues affecting 10.2.3

Exploited first, then by exploitation probability.

CVE-2024-51479 HIGH EPSS 4% → fixed in 14.2.15 CVE-2025-57822 MEDIUM EPSS 2% → fixed in 15.4.7 CVE-2022-23646 MEDIUM EPSS 2% → fixed in 12.1.0 CVE-2023-46298 HIGH EPSS 1% → fixed in 13.4.20 CVE-2021-39178 HIGH EPSS 1% → fixed in 11.1.1 CVE-2024-47831 MEDIUM EPSS 1% → fixed in 14.2.7 CVE-2026-27980 HIGH EPSS 1% → fixed in 16.1.7 CVE-2025-32421 LOW EPSS 1% → fixed in 15.1.6 CVE-2025-55173 MEDIUM EPSS 1% → fixed in 15.4.5 CVE-2025-59471 MEDIUM EPSS 0% → fixed in 16.1.5 CVE-2026-29057 MEDIUM EPSS 0% → fixed in 16.1.7 CVE-2026-44577 MEDIUM EPSS 0% → fixed in 16.2.5 CVE-2025-57752 MEDIUM EPSS 0% → fixed in 15.4.5

Other Next.js versions

Check another release line of Next.js.

Next.js 16.2.9Next.js 15.5.19Next.js 14.2.35Next.js 13.5.11Next.js 12.3.7Next.js 11.1.4Next.js 9.5.5

Frequently asked

Is Next.js 10.2.3 patched?

Next.js 10.2.3 has 4 open critical-or-high vulnerabilities. The minimum safe version is 16.2.6 — upgrade to 16.2.6 or later to clear them.

What version should I upgrade Next.js 10.2.3 to?

Upgrade Next.js 10.2.3 to at least 16.2.6 to clear its 4 open critical-or-high vulnerabilities.

What is the latest version of Next.js?

The latest supported Next.js release is 16.2.9.

Is Next.js 10.2.3 still receiving security updates?

Yes — the 10.2 line is still supported and receiving security updates. The latest release is 16.2.9.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Vercel's official advisory before you patch or upgrade — Next.js official site ↗