A vulnerability, which was classified as critical , has been found in vercel next.js up to 15.5.15/16.2.4 . This affects an unknown function of the component WebSocket Handler . This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2026-44578 . It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.