Is Next.js 9.5.5 patched?
Current stable (16.2.9): 100/100
9.5.5 has 2 open critical-or-high vulnerabilities. Run 16.2.6 or later to clear them. See what 16.2.6 fixes →
Summary iPlain-English security status for Next.js 9.5.5, built from its CVEs, active-exploitation data, end-of-life date and latest release.
Next.js 9.5.5 is part of the 9.5 release line. 7 known vulnerabilities affect it. The minimum safe version is 16.2.6 — upgrade to it or later to clear the open critical/high issues. The latest supported Next.js release is 16.2.9.
Known issues affecting 9.5.5
Exploited first, then by exploitation probability.
CVE-2024-51479 HIGH EPSS 4% → fixed in 14.2.15 CVE-2025-57822 MEDIUM EPSS 2% → fixed in 15.4.7 CVE-2023-46298 HIGH EPSS 1% → fixed in 13.4.20 CVE-2025-32421 LOW EPSS 1% → fixed in 15.1.6 CVE-2025-55173 MEDIUM EPSS 1% → fixed in 15.4.5 CVE-2026-29057 MEDIUM EPSS 0% → fixed in 16.1.7 CVE-2025-57752 MEDIUM EPSS 0% → fixed in 15.4.5Other Next.js versions
Check another release line of Next.js.
Frequently asked
Is Next.js 9.5.5 patched?
Next.js 9.5.5 has 2 open critical-or-high vulnerabilities. The minimum safe version is 16.2.6 — upgrade to 16.2.6 or later to clear them.
What version should I upgrade Next.js 9.5.5 to?
Upgrade Next.js 9.5.5 to at least 16.2.6 to clear its 2 open critical-or-high vulnerabilities.
What is the latest version of Next.js?
The latest supported Next.js release is 16.2.9.
Is Next.js 9.5.5 still receiving security updates?
Yes — the 9.5 line is still supported and receiving security updates. The latest release is 16.2.9.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Vercel's official advisory before you patch or upgrade — Next.js official site ↗