npm package
next-mdx-remote
pkg:npm/next-mdx-remote
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-0969 | Hig | 8.8 | >= 4.3.0, < 6.0.0 | 6.0.0 | Feb 12, 2026 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0. |
- affected >= 4.3.0, < 6.0.0fixed 6.0.0
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0.