rainbowkit

If you're using the Middleware API in Next.js (middleware.ts) and have routes protected by SIWE authorization, ensure that you've mitigated CVE-2025-29927. Vercel, Netlify, and Cloudflare have already deployed network-layer filtering to mitigate malicious headers for vulnerable projects. The standard RainbowKit Authentication implementation using /api/ routes and server-side session validation is not impacted.

If you're using the Middleware API in Next.js (middleware.ts) and have routes protected by SIWE authorization, ensure that you've mitigated CVE-2025-29927. Vercel, Netlify, and Cloudflare have already deployed network-layer filtering to mitigate malicious headers for vulnerable projects. The standard RainbowKit Authentication implementation using /api/ routes and server-side session validation is not impacted. https://zeropath.com/blog/nextjs-middleware-cve-2025-29927-auth-bypass

🔍 ensdata.net ✦ 🖼️ pugson.net/rfe ✦  🌐 metadata.vision ✦ 𝙿𝚁𝙴𝚅: @rainbow 🌈

14 and 15 are impacted! There is a patch available for them as of yesterday. 13 and below aren't patch at all (yet)

this only affects versions 13 and below btw

Curious about the intersection of humans & technology | Obsessed with @gnosispay & /invaders | henrypye.xyz