CVE-2026-23870 — next Denial of Service Vulnerability
| Field | Value |
|---|---|
| CVE | CVE-2026-23870 |
| Package | next (Next.js) |
| Severity | HIGH (CVSS 7.5) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Impact | Availability — unauthenticated network-based DoS |
| Exploit available | ✅ Yes |
| CISA KEV | No |
| Detected by | Wiz (2026-05-13) |
Affected locations in this repo
| Location | Current Version | Fixed Version | Recommended Version |
|---|---|---|---|
| /frontend/package.json | 14.2.35 | 15.5.16 | 15.5.18 |
| /frontend/yarn.lock | 14.1.0 | 15.5.16 | 15.5.18 |
Fix Guidance
- Upgrade `next` to `>= 15.5.18` in `/frontend/package.json`.
- Run `yarn upgrade next@latest` inside the `/frontend` directory.
- Regenerate `/frontend/yarn.lock` and commit.
- Validate: `yarn list next` — confirm no version below `15.5.16` appears.
- Run existing test suite to confirm no regressions.
⚠️ Major version jump: This upgrades from 14.x → 15.x. Review the Next.js 15 upgrade guide before merging. Pay close attention to breaking changes in App Router, async APIs, and caching behaviour.
References
- Wiz Finding IDs: `f87f729d`, `563cc6d3`
- Branch: `MANTRA-Chain/resolute/mantra-cosmwasm`
- Source: Wiz SCA scan (2026-05-13)