next-mdx-remote CVE-2026-0969 Allows Server-Side RCE
HashiCorp patched CVE-2026-0969 in next-mdx-remote, which allowed arbitrary server-side code execution when compiling untrusted MDX content with JavaScript enabled.
Source: Socket
Read more: CyberSecBrief













