FIND-20260413-001 · 2026-04-13 · Innovation Veille
CVE-2026-27979: Next.js DoS via Unbounded Request Buffering
cve
HIGH
CVE-2026-27979 is a denial-of-service vulnerability in Next.js versions 16.0.1–16.1.6. Attackers can exploit unbounded request buffering to cause memory exhaustion on the server. ODS Dashboard uses Next.js 16.2.x which includes the fix. Upgrade to 16.2.2 LTS immediately if on any 16.0.x or 16.1.x version.
Source
https://www.sentinelone.com/vulnerability-database/cve-2026-27979/
ODS Impact
ODS Dashboard (Next.js frontend). Check current Next.js version and confirm it is 16.2.2 LTS or later.
Security Review
License: N/A | Maintenance: ACTIVE | Risk: LOW | Recommendation: USE_WITH_CAUTION
Tags
nextjs
cve
dos
security
dashboard