Is CVE-2026-44580 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-44580 is not currently listed in the CISA KEV catalog.

Which frameworks does CVE-2026-44580 affect?

CVE-2026-44580 affects Next.js.

Vulnerability intelligence

CVE-2026-44580

Middleware bypass, SSRF, cache poisoning, XSS. Next.js 15.5.18 and 16.2.6 fixed them all in a coordinated release. The vulnerability count is real. The response model is what separates modern from legacy.

Next.js 2026

What WebPulse reported · 1 analysis

Next.js Patched 13 Security Advisories in May 2026. Modern Frameworks Are Not Immune — But the Difference Is How They Respond.

Middleware bypass, SSRF, cache poisoning, XSS. Next.js 15.5.18 and 16.2.6 fixed them all in a coordinated release. The vulnerability count is real. The response

June 13, 2026

View CVE-2026-44580 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-23869 CVE-2026-44578 CVE-2026-44574 CVE-2025-29927 CVE-2026-9082 CVE-2026-8206 CVE-2026-48019 CVE-2026-35273