You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Next.js: null origin can bypass dev HMR websocket CSRF checks
Low severity
GitHub Reviewed
Published
Mar 16, 2026
in
vercel/next.js
•
Updated Mar 25, 2026