A vulnerability identified as critical has been detected in next.js . This affects an unknown part of the component App Router Application . This manipulation causes authentication bypass using alternate channel. The identification of this vulnerability is CVE-2026-45109 . It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.