Aigent.ly — Vulnerability Prevention for AI-Generated Code

AI Security Summary

Next.js applications are most exposed through middleware trust boundaries, HTTP header manipulation, and third-party library gadget chains. The recurring coding mistake is trusting attacker-controlled inputs — headers, URLs, paths, and object keys — without validation before they influence routing, caching, or network requests.

Middleware and Routing Authorization Bypass via Pathname or Header Trust

Covers: CVE-2025-29927 · CVE-2024-51479 · CVE-2026-44573 · CVE-2025-57822 Risk: Attackers bypass middleware-enforced auth by crafting requests with manipulated headers, locales, or data-route paths that skip middleware execution entirely.

NEVER rely solely on middleware for authorization decisions — enforce access control in the route handler or server component as well.
NEVER trust the Host, X-Forwarded-Host, or any forwarded header as the canonical request origin inside middleware logic.
ALWAYS validate that /_next/data/ and locale-prefixed routes are subject to the same middleware authorization checks as their page counterparts.
NEVER pass raw incoming request headers directly into NextResponse.next() or redirect targets without sanitizing them first.
ALWAYS treat middleware as a first-line filter only, never as the sole authorization gate for sensitive resources.

Server-Side Request Forgery via Header Injection and Proxy Trust

Covers: CVE-2024-34351 · CVE-2026-44578 · CVE-2026-29057 · CVE-2022-0235 · CVE-2025-27152 · CVE-2026-42043 · CVE-2025-62718 · CVE-2026-42038 · CVE-2026-40175 Risk: Crafted Host headers, absolute URLs, WebSocket upgrades, and NO_PROXY bypass tricks cause servers to proxy requests to arbitrary internal or external destinations, leaking credentials and metadata.

NEVER use the Host header from an incoming request to construct outbound URLs in Server Actions or API routes.
ALWAYS use a hard-coded, allow-listed base URL for internal service calls rather than deriving it from request headers.
NEVER forward authorization, cookie, or credential headers when following redirects to a different origin.
ALWAYS validate that WebSocket upgrade request targets resolve to an expected, allow-listed destination before proxying.
NEVER rely on NO_PROXY string matching alone to block loopback or cloud-metadata addresses — always resolve and compare IPs explicitly.
ALWAYS reject or strip Transfer-Encoding headers on proxied requests to prevent request-smuggling boundary confusion.

Prototype Pollution Gadget Chains in Axios and Lodash

Covers: CVE-2026-42033 · CVE-2026-42035 · CVE-2026-42041 · CVE-2026-42042 · CVE-2023-45857 · CVE-2025-13465 · CVE-2026-2950 · CVE-2026-25639 Risk: Prototype pollution from any dependency can be weaponized through Axios and Lodash gadgets to inject headers, leak XSRF tokens, suppress auth errors, or delete prototype methods.

ALWAYS treat proto, constructor, and prototype as forbidden keys in any object-merge, config-parse, or path-resolution code path.
NEVER read object properties that influence security decisions (headers, status validators, token flags) without an explicit hasOwnProperty or Object.hasOwn guard.
NEVER pass JSON.parse() output directly as a configuration object to axios or lodash functions without key sanitization.
ALWAYS use Object.create(null) for dictionaries that will be populated from untrusted input to eliminate inherited prototype properties.
NEVER allow untrusted path segments — including array-wrapped ones — to be passed as keys to _.unset, _.omit, or equivalent deep-path functions.

Template and Script Injection via Untrusted Input into Code or HTML Sinks

Covers: CVE-2021-23337 · CVE-2026-4800 · CVE-2026-44580 · CVE-2026-44581 Risk: Attacker-controlled strings flow into lodash template Function() constructors and Next.js script/nonce HTML sinks, enabling arbitrary code or script execution in browser or server contexts.

NEVER pass untrusted input as lodash template variable names, option keys, or imports key names — all flow into a Function() constructor sink.
NEVER interpolate untrusted content into beforeInteractive script bodies or CSP nonce attributes without context-aware escaping.
ALWAYS validate and sanitize nonce values derived from request headers before embedding them into rendered HTML.
ALWAYS treat any lodash _.template options object property that accepts strings as a potential code-injection vector when the value is user-controlled.

Denial of Service via Unbounded Resource Consumption

Covers: CVE-2021-3749 · CVE-2020-28500 · CVE-2024-47831 · CVE-2024-56332 · CVE-2025-59471 · CVE-2026-27980 · CVE-2026-42034 · CVE-2026-42036 · CVE-2026-42039 · CVE-2026-44577 · CVE-2025-55173 · CVE-2025-57752 · CVE-2022-23539 · CVE-2022-23540 · CVE-2022-23541 Risk: Attackers exhaust CPU, memory, or disk by sending crafted regex inputs, deeply nested objects, oversized images, or long-running Server Actions, collapsing self-hosted deployments.

ALWAYS enforce a maximum size limit on any externally fetched or uploaded resource before loading it into memory, including images passed to the Next.js optimizer.
NEVER allow unbounded recursion over attacker-influenced nested objects — enforce a maximum depth before processing.
ALWAYS configure explicit timeouts and body-size limits on Server Actions and API routes to prevent connection-holding DoS.
NEVER apply computationally expensive regex or string operations to unbounded user-supplied input without length pre-validation.
ALWAYS restrict remotePatterns and localPatterns in next.config.js to the narrowest possible set of trusted origins and paths.
NEVER allow the image optimization cache to grow without an explicit maximum size bound when self-hosting Next.js.

Cross-cutting patterns (all Next.js projects)

ALWAYS enforce authorization at the data layer — route handler or server component — independent of any middleware, proxy, or CDN layer above it.
NEVER trust any value derived from an HTTP request header — Host, Referer, X-Forwarded-*, Cookie — as a safe input for routing, caching keys, or outbound request construction.
ALWAYS define an explicit allow-list (remotePatterns, trusted origins, permitted algorithms) rather than relying on default or permissive configurations for any security-relevant feature.
NEVER surface internal error details, stack traces, or upstream service responses to the client — these feed SSRF reconnaissance and gadget-chain discovery.

AI Security Summary

Middleware and Routing Authorization Bypass via Pathname or Header Trust

NEVER rely solely on middleware for authorization decisions — enforce access control in the route handler or server component as well.
NEVER trust the Host, X-Forwarded-Host, or any forwarded header as the canonical request origin inside middleware logic.
ALWAYS validate that /_next/data/ and locale-prefixed routes are subject to the same middleware authorization checks as their page counterparts.
NEVER pass raw incoming request headers directly into NextResponse.next() or redirect targets without sanitizing them first.
ALWAYS treat middleware as a first-line filter only, never as the sole authorization gate for sensitive resources.

Server-Side Request Forgery via Header Injection and Proxy Trust

NEVER use the Host header from an incoming request to construct outbound URLs in Server Actions or API routes.
ALWAYS use a hard-coded, allow-listed base URL for internal service calls rather than deriving it from request headers.
NEVER forward authorization, cookie, or credential headers when following redirects to a different origin.
ALWAYS validate that WebSocket upgrade request targets resolve to an expected, allow-listed destination before proxying.
NEVER rely on NO_PROXY string matching alone to block loopback or cloud-metadata addresses — always resolve and compare IPs explicitly.
ALWAYS reject or strip Transfer-Encoding headers on proxied requests to prevent request-smuggling boundary confusion.

Prototype Pollution Gadget Chains in Axios and Lodash

ALWAYS treat proto, constructor, and prototype as forbidden keys in any object-merge, config-parse, or path-resolution code path.
NEVER read object properties that influence security decisions (headers, status validators, token flags) without an explicit hasOwnProperty or Object.hasOwn guard.
NEVER pass JSON.parse() output directly as a configuration object to axios or lodash functions without key sanitization.
ALWAYS use Object.create(null) for dictionaries that will be populated from untrusted input to eliminate inherited prototype properties.
NEVER allow untrusted path segments — including array-wrapped ones — to be passed as keys to _.unset, _.omit, or equivalent deep-path functions.

Template and Script Injection via Untrusted Input into Code or HTML Sinks

NEVER pass untrusted input as lodash template variable names, option keys, or imports key names — all flow into a Function() constructor sink.
NEVER interpolate untrusted content into beforeInteractive script bodies or CSP nonce attributes without context-aware escaping.
ALWAYS validate and sanitize nonce values derived from request headers before embedding them into rendered HTML.
ALWAYS treat any lodash _.template options object property that accepts strings as a potential code-injection vector when the value is user-controlled.

Denial of Service via Unbounded Resource Consumption

ALWAYS enforce a maximum size limit on any externally fetched or uploaded resource before loading it into memory, including images passed to the Next.js optimizer.
NEVER allow unbounded recursion over attacker-influenced nested objects — enforce a maximum depth before processing.
ALWAYS configure explicit timeouts and body-size limits on Server Actions and API routes to prevent connection-holding DoS.
NEVER apply computationally expensive regex or string operations to unbounded user-supplied input without length pre-validation.
ALWAYS restrict remotePatterns and localPatterns in next.config.js to the narrowest possible set of trusted origins and paths.
NEVER allow the image optimization cache to grow without an explicit maximum size bound when self-hosting Next.js.

Cross-cutting patterns (all Next.js projects)

ALWAYS enforce authorization at the data layer — route handler or server component — independent of any middleware, proxy, or CDN layer above it.
NEVER trust any value derived from an HTTP request header — Host, Referer, X-Forwarded-*, Cookie — as a safe input for routing, caching keys, or outbound request construction.
ALWAYS define an explicit allow-list (remotePatterns, trusted origins, permitted algorithms) rather than relying on default or permissive configurations for any security-relevant feature.
NEVER surface internal error details, stack traces, or upstream service responses to the client — these feed SSRF reconnaissance and gadget-chain discovery.

Next.js security patterns

Protects against

Rule body

AI Security Summary

Middleware and Routing Authorization Bypass via Pathname or Header Trust

Server-Side Request Forgery via Header Injection and Proxy Trust

Prototype Pollution Gadget Chains in Axios and Lodash

Template and Script Injection via Untrusted Input into Code or HTML Sinks

Denial of Service via Unbounded Resource Consumption

AI Security Summary

Middleware and Routing Authorization Bypass via Pathname or Header Trust

Server-Side Request Forgery via Header Injection and Proxy Trust

Prototype Pollution Gadget Chains in Axios and Lodash

Template and Script Injection via Untrusted Input into Code or HTML Sinks

Denial of Service via Unbounded Resource Consumption