Next.js Middleware Authentication Bypass Vulnerability (CVE-2025-29927)

Next.js middleware plays a key role in securing applications by enforcing authentication, managing access control, and applying security headers. However, a newly discovered vulnerability, CVE-2025-29927, allows attackers to bypass these protections entirely using a manipulated HTTP header. Affected Versions This flaw affects the following versions: The Core Issue Next.js prevents infinite middleware loops by tracking […]