Arbitrary Code Execution Vulnerability in MDX Compilation for next-mdx-remote by HashiCorp
CVE-2026-0969
8.8HIGH
What is CVE-2026-0969?
The serialization function used in next-mdx-remote for compiling MDX content exhibits a vulnerability that allows attackers to execute arbitrary code. This issue arises from inadequate sanitization measures applied to the MDX content, leading to significant security risks during server-side rendering when untrusted MDX content is processed. It is crucial for users of next-mdx-remote to evaluate their use cases and implement necessary security measures to mitigate potential exploits.
Affected Version(s)
Shared library 64 bit 4.3.0 < 6.0.0