Next.js and the corrupt middleware: the authorizing artifact

Hello everyone,

in case you have not already seen/read it yourselves, here [0] FYI

"Next.js and the corrupt middleware: the authorizing artifact"

--> "How to find Next.js on your network" [1]
--> "... Exploitation is trivial and can be achieved by sending an extra HTTP header of `x-middleware-subrequest: true` ..."
--> "CVE-2025-29927 is rated critical with a CVSSv3 base score of 9.1."

Best regards,
Bernd

[0] https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-m...
[1] https://www.runzero.com/blog/next-js/

--
Bernd Kohler
IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de