FlagThis

A high-severity authorization bypass vulnerability (CVE-2024-51479) has been discovered in Next.js, a widely used React framework. This flaw allows unauthorized access to certain pages directly under the application’s root directory, bypassing middleware-based authorization checks. The vulnerability affects versions from 9.5.5 up to 14.2.14. It requires immediate patching to version 14.2.15 to mitigate the risk.