A vulnerability classified as problematic was found in vercel next.js up to 16.1.6 . This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. This vulnerability is tracked as CVE-2026-27978 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.