Security researchers have discovered a critical denial-of-service vulnerability in Next.js that allows unauthenticated attackers to crash self-hosted servers with a single HTTP request.
The flaw was unexpectedly uncovered by an AI security testing tool while examining a demo application, ultimately revealing a previously unknown vulnerability in Next.js itself rather than the application being tested.
https://cyberpress.org/new-unauthentica ... erability/