VYPR

npm package

@opennextjs/cloudflare

pkg:npm/%40opennextjs/cloudflare

Vulnerabilities (2)

  • CVE-2026-3125Mar 4, 2026
    affected < 1.17.1fixed 1.17.1

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for developmen

  • CVE-2025-6087CriJun 16, 2025
    affected < 1.3.0fixed 1.3.0

    A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /_