Hightimneutkens

**Name of the Vulnerable Software and Affected Versions** Next.js (affected versions not specified) **Description** An authorization bypass exists in applications that use middleware to protect dynamic routes. Attackers can use specially crafted query parameters to alter the dynamic route value perceived by the page while keeping the visible path unchanged. This allows protected content to be rendered by skipping the middleware check, which is the mechanism most Next.js applications use to verify user authentication. **Recommendations** Enforce authorization within the route or page logic instead of relying exclusively on middleware path matching. As a temporary workaround, restrict the use of dynamic route parameters that rely solely on middleware for protection until the software is updated.