Im Done With NextJS... 13 NEW vulnerabilities

Description

Next.js just dropped a security release fixing 13 CVEs — 6 of them high severity. In this video, we break down middleware bypasses, denial of service via the React Flight protocol, server-side request forgery, and cross-site scripting. Were server components a mistake? 🔗 Relevant Links Security Blog: https://vercel.com/changelog/next-js-may-2026-security-release ❤️ More about us Radically better observability stack: https://betterstack.com/ Written tutorials: https://betterstack.com/community/ Example projects: https://github.com/BetterStackHQ 📱 Socials Twitter: https://twitter.com/betterstackhq Instagram: https://www.instagram.com/betterstackhq/ TikTok: https://www.tiktok.com/@betterstack LinkedIn: https://www.linkedin.com/company/betterstack 📌 Chapters: 00:00 Intro 00:41 Middleware Bypass 03:50 Denial of Service 07:50 Request Forgery (Highest Severity) 10:57 Cache Poisoning 12:45 Cross-Site Scripting (XSS) 15:09 Mistake