2026-23864 and Next.js 14.2.35
Answered
Holland Lop posted this in #help-forum
Holland LopOP
I've been reading: https://vercel.com/changelog/summary-of-cve-2026-23864 but I am unsure if version 14.2.35 requires patching. I also can't seem to find a newer npm version listed. Anyone care to help?
https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf also doesn't list any patched 14 version.
https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf also doesn't list any patched 14 version.
Answered by B33fb0n3
yea, you need to upgrade to
15.0.8. Else you are affected for this one9 Replies
@Holland Lop I've been reading: https://vercel.com/changelog/summary-of-cve-2026-23864 but I am unsure if version 14.2.35 requires patching. I also can't seem to find a newer npm version listed. Anyone care to help?
https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf also doesn't list any patched 14 version.
yea, you need to upgrade to
15.0.8. Else you are affected for this oneAnswer
@B33fb0n3 there is no other choice? upgrade from 14 to 15 have many breaking changes
@David <@301376057326567425> there is no other choice? upgrade from 14 to 15 have many breaking changes
Yes, there is no other choice…
Holland LopOP
That's a pitty, thanks for the help
@Holland Lop solved?
Holland LopOP
yep 🙂
Upgrade is scheduled