{"uuid": "921df47b-92ba-43ad-a242-565da6b8b640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44578", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116608593313654495", "content": "https://horizon3.ai/attack-research/vulnerabilities/cve-2026-44578/\n\nCVE-2026-44578 is a High-severity server-side request forgery vulnerability affecting self-hosted Next.js applications that use the built-in Node.js server. The vulnerability exists in WebSocket upgrade request handling, where crafted requests can cause the server to proxy connections to arbitrary internal or external destinations. Vercel-hosted deployments are not affected.\n#fuckJavaScript", "creation_timestamp": "2026-05-20T19:38:49.158341Z"}