Vercel Next.js 16.0.0 for Node.js
Approved changes feed: RSS · Atom
cpe:2.3:a:vercel:next.js:16.0.0:-:*:*:*:node.js:*:*
part: a version: 16.0.0 update: -
| Vendor | Vercel (5676cb1a-0d7f-5c57-9405-b569f0c482e7) |
|---|---|
| Product | Next.Js (291cbef7-fa11-595c-86e3-5c00f9c5cf94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/vercel/next.js |
purl2cpe | 2026-06-01 10:11:39.373071 |
pkg:sourceforge/next-js.mirror |
purl2cpe | 2026-06-01 10:11:39.373073 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-55182 |
vulnerable | 2026-06-08 07:33:14.290528 |
Details available
CRITICAL (10)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Published: 2025-12-03T15:40:56.894Z
Updated: 2026-02-26T16:57:36.794Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.