Vercel Next.js 14.3.0 Canary85 for Node.js
Approved changes feed: RSS · Atom
cpe:2.3:a:vercel:next.js:14.3.0:canary85:*:*:*:node.js:*:*
part: a version: 14.3.0 update: canary85
| Vendor | Vercel (5676cb1a-0d7f-5c57-9405-b569f0c482e7) |
|---|---|
| Product | Next.Js (291cbef7-fa11-595c-86e3-5c00f9c5cf94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/vercel/next.js |
purl2cpe | 2026-06-01 10:11:38.622987 |
pkg:sourceforge/next-js.mirror |
purl2cpe | 2026-06-01 10:11:38.622988 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55182 |
vulnerable | 2026-06-08 07:33:14.247632 |
Details available
CRITICAL (10)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Published: 2025-12-03T15:40:56.894Z
Updated: 2026-02-26T16:57:36.794Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.