{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-18T00:23:34Z",
  "bugzilla" : {
    "description" : "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage",
    "id" : "2448509",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448509"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).", "An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service." ],
  "affected_release" : [ {
    "product_name" : "Streams for Apache Kafka 3.2.0",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13571",
    "cpe" : "cpe:/a:redhat:amq_streams:3.2::el9",
    "package" : "com.github.streamshub-console"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "dotnet7.0",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/bootc-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Affected",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Trusted Artifact Signer",
    "fix_state" : "Affected",
    "package_name" : "rhtas/rekor-search-ui-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1"
  }, {
    "product_name" : "streams for Apache Kafka 2",
    "fix_state" : "Affected",
    "package_name" : "com.github.streamshub-console",
    "cpe" : "cpe:/a:redhat:amq_streams:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27980\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27980\nhttps://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd\nhttps://github.com/vercel/next.js/releases/tag/v16.1.7\nhttps://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8" ],
  "name" : "CVE-2026-27980",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}