udah bisa di coba kembali om, full banget kemarin traffict nya naik 10x, kejadian nya pas lagi nambah node multi AZ biar automate next bisa pilih multi region,
pertambahan equipment tidak secepat pertambahan pelanggan, alhamdulillah laris
CVE-2026-44578
⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)
A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.
By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.
Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4
Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.
Modat Magnify Query:
technology="Next.js"
The platform:
https://t.co/qJfEh7giE9
#threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify