1. Wiz Researchers Uncover Unauthenticated DoS Vulnerability in Next.js — CVE-2026-23870 Threatens 14.x Deployments
A critical denial-of-service vulnerability has been identified in Next.js, the widely deployed React framework, with an active exploit already circulating. The flaw, tracked as CVE-2026-23870, carries a CVSS score of 7.5 and enables unauthenticated attackers to trigger availability disruption over the network without r...