A vulnerability was found in Vercel Next.js up to 16.1.6. It has been rated as problematic. The affected element is an unknown function of the file /_next/webpack-hmr. Manipulation of this element leads to missing origin validation in WebSockets. This vulnerability is known as CVE-2026-27977. The attack can be carried out remotely. No exploit is available. Upgrading the affected component is advised.