A medium-severity vulnerability, CVE-2025-49826, was detected in Next.js versions from 15.0.4-canary.51 up to, but not including, 15.1.8. It could lead to a denial-of-service condition through cache poisoning: a 204 HTTP response may be incorrectly cached and then served to all users accessing certain static pages. To fix this issue, users should upgrade to Next.js version 15.1.8. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49826.
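To check whether an installed Next.js version falls inside the affected range given above, the following added example (not code from Hossted or the Next.js project) applies SemVer precedence rules, so that canary builds are ordered numerically rather than as strings. The function names `parseVersion`, `compareVersions` and `isAffected` are hypothetical, and the sample version strings are constructed.

```javascript
// Added example: the range boundaries are the ones stated in the advisory text.
const FIRST_AFFECTED = "15.0.4-canary.51";
const FIRST_FIXED = "15.1.8";

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split(".") : [] };
}

// SemVer precedence: core compared numerically; a prerelease sorts before its release;
// numeric prerelease identifiers compare as numbers and sort before alphanumeric ones.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (a.pre.length === 0 || b.pre.length === 0) {
    return a.pre.length === b.pre.length ? 0 : a.pre.length === 0 ? 1 : -1;
  }
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1;
    if (y === undefined) return 1;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1; }
    else if (xn !== yn) return xn ? -1 : 1;
    else if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// true/false for an exact version; null for a range or tag that cannot be judged.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareVersions(v, parseVersion(FIRST_AFFECTED)) >= 0 &&
         compareVersions(v, parseVersion(FIRST_FIXED)) < 0;
}

// Constructed sample input: versions as they might be read from a lockfile.
const samples = ["15.0.4-canary.9", "15.0.4-canary.51", "15.0.4", "15.1.7", "15.1.8", "^15.1.0"];
for (const s of samples) console.log(s, "->", isAffected(s));
```

Pass the resolved version from the lockfile or `node_modules/next/package.json`, not the range in `package.json`; a range such as `^15.1.0` returns `null` because it does not identify the installed build.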
Next.js: Denial of Service Risk
by the Hossted team
07.07.2025