What is the CVSS score of CVE-2026-29057?

CVE-2026-29057 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Red Hat are affected by CVE-2026-29057?

CVE-2026-29057 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Red Hat CVE-2026-29057

MEDIUM

HTTP Request/Response Smuggling (CWE-444)

2026-03-17 https://github.com/vercel/next.js

GHSA-ggv3-7p47-pfv8

Authentication Bypass Red Hat Request Smuggling

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

Patch released

Mar 17, 2026 - 20:30 nvd

Patch available

CVE Published

Mar 17, 2026 - 16:17 nvd

MEDIUM 6.5

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

10 npm packages depend on next (9 direct, 1 indirect)

Ecosystem-wide dependent count for version 16.0.0-beta.0.

DescriptionNVD

Summary

When Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes.

Impact

An attacker could smuggle a second request to unintended backend routes (for example, internal/admin endpoints), bypassing assumptions that only the configured rewrite destination/path is reachable. This does not impact applications hosted on providers that handle rewrites at the CDN level, such as Vercel.

Patches

The vulnerability originated in an upstream library vendored by Next.js. It is fixed by updating that dependency’s behavior so content-length: 0 is added only when both content-length and transfer-encoding are absent, and transfer-encoding is no longer removed in that code path.

Workarounds

If upgrade is not immediately possible:

Block chunked DELETE/OPTIONS requests on rewritten routes at your edge/proxy.
Enforce authentication/authorization on backend routes per our security guidance.

AnalysisAI

CVE-2026-29057 is a security vulnerability (CVSS 6.5) that allows request smuggling. Remediation should follow standard vulnerability management procedures. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory