Vulnerabilities4 min read
Clerk Auth Bypass Lets Attackers Skip Middleware in Next.js Apps
CVE-2026-41248 in Clerk's JavaScript libraries allows crafted requests to bypass authentication middleware. CVSS 9.1—patch your Next.js, Nuxt, and Astro apps now.
Marcus ChenApr 25, 2026