Next.js CVE-2026-44578 — WebSocket SSRF Threatens AI-Generated Web Apps
AI relevance: Next.js is the default frontend scaffold for most AI coding agents (Claude Code, Cursor, Codex), so thousands of "vibe-coded" apps deployed without security review inherit this unauthenticated SSRF — turning AI-generated infrastructure into proxy footholds for internal network access.
What happened
- Vercel patched a cluster of Next.js vulnerabilities on May 11, including CVE-2026-44578 (CVSS 8.6), a server-side request forgery via crafted WebSocket upgrade requests.
- The flaw affects self-hosted Next.js apps using the built-in Node.js server, in versions from 13.4.13 up to, but not including, the fixed releases 15.5.16 (for the 13.x through 15.x lines) and 16.2.5 (for 16.x).
- An unauthenticated attacker can cause the Next.js server to proxy requests to arbitrary internal or external destinations, exposing internal services, cloud metadata endpoints (e.g., AWS IMDSv1), and admin panels.
- No login or authentication is required — the vulnerability is triggered by a single crafted WebSocket upgrade request.
- Vercel-managed deployments are explicitly not affected; the risk is confined to self-hosted instances, which is exactly how most AI-generated apps are deployed.
- Enterprise users are requesting backports to Next.js 14.2.x because migration to patched versions introduces breaking changes — a common pattern in AI-coded projects that pin outdated scaffolds.
Why it matters
AI coding agents overwhelmingly default to Next.js when generating web applications. These apps are typically deployed directly to cloud VMs or small hosting instances without security review, WAFs, or internal network segmentation. The combination of an unauthenticated SSRF in the default framework plus the deployment patterns of AI-generated apps creates a wide, easily exploitable attack surface for credential harvesting and lateral movement.
What to do
- Upgrade self-hosted Next.js to 15.5.16+ or 16.2.5+ immediately.
- If stuck on 14.2.x, apply network-level controls: block outbound requests from the Next.js process to internal IP ranges and cloud metadata endpoints.
- Audit AI-generated apps in your infrastructure for Next.js version and self-hosted deployment patterns.
- Consider adding WebSocket upgrade request validation at the reverse-proxy layer as a compensating control.