A vulnerability was found in vercel next.js up to 15.5.15/16.2.4 and classified as problematic . Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2026-44580 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.