Critical Vulnerability in next-mdx-remote Enables Arbitrary Code Execution in React SSR

Fri Feb 13 2026

Development

Open Source

Software

Vulnerability

cyberpress.org

A critical vulnerability in next-mdx-remote, a widely used TypeScript library for rendering MDX content in React applications, exposes servers to arbitrary code execution when processing untrusted input. Tracked as CVE-2026-0969, the flaw was disclosed by HashiCorp on February 11, 2026, via security bulletin HCSEC-2026-01, following discovery by researchers at Sejong University. This issue affects versions […] The post Critical Vulnerability in next-mdx-remote Enables Arbitrary Code Execution in React SSR appeared first on Cyber Security News.