Is Next.js 15.5.19 patched?
Current stable (16.2.9): 100/100
15.5.19 has 1 open critical-or-high vulnerability. Run 16.2.6 or later to clear it. See what 16.2.6 fixes →
Summary iPlain-English security status for Next.js 15.5.19, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Next.js 15.5.19 is part of the 15.5 release line. 2 known vulnerabilities affect it. The minimum safe version is 16.2.6 — upgrade to it or later to clear the open critical/high issues. The latest supported Next.js release is 16.2.9.
Known issues affecting 15.5.19
Exploited first, then by exploitation probability.
CVE-2026-27980 HIGH EPSS 1% → fixed in 16.1.7 CVE-2025-59472 MEDIUM EPSS 0% → fixed in 16.1.5Other Next.js versions
Check another release line of Next.js.
Frequently asked
Is Next.js 15.5.19 patched?
Next.js 15.5.19 has 1 open critical-or-high vulnerability. The minimum safe version is 16.2.6 — upgrade to 16.2.6 or later to clear it.
What version should I upgrade Next.js 15.5.19 to?
Upgrade Next.js 15.5.19 to at least 16.2.6 to clear its 1 open critical-or-high vulnerability.
What is the latest version of Next.js?
The latest supported Next.js release is 16.2.9.
Is Next.js 15.5.19 still receiving security updates?
Yes — the 15.5 line is still supported and receiving security updates. The latest release is 16.2.9.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Vercel's official advisory before you patch or upgrade — Next.js official site ↗