Tag: cache poisoning

All the articles with the tag "cache poisoning".

• [CVE-2025-49005] Cache-poisoning in Next.js App Router swaps HTML for raw React code

  3 Jul, 2025

  A header-mismatch in Next.js 15.3.0-15.3.2 and Vercel CLI 41.4.1-42.2.0 lets browsers or intermediate CDNs cache React Server Component streams where HTML was expected, breaking pages and opening the door to response-smuggling tricks.