Critical Vulnerability in next-mdx-remote Library Lets Servers Run Malicious Code During SSR
A critical remote code execution (RCE) flaw has been found in the widely used next-mdx-remote library that can let attackers run arbitrary code when dynamic MDX content is rendered on servers. The issue is tracked as CVE-2026-0969 and affects versions 4.3.0 through 5.0.0 of the package. This vulnerability has broad implications for developers of React and Next.js applications that use MDX content from external or untrusted sources.
The maintainers and security teams have fixed the flaw in next-mdx-remote version 6.0.0 with changes that block unsafe JavaScript execution by default when handling MDX. Sites using earlier versions should upgrade urgently to mitigate risk.
What the CVE Means
The vulnerability exists in the serialize and compileMDX functions. These functions take MDX input and convert it into React components during server-side rendering (SSR). MDX files can include JSX and JavaScript expressions, and those expressions were not properly sanitized before being evaluated.
According to security advisory HCSEC-2026-01: “The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.”
Because the code could execute JavaScript inside MDX, an attacker who can provide or control MDX content could make the server run system-level commands. These commands run with whatever privileges the rendering process holds.
How the Flaw Can Be Exploited
MDX is a flexible mix of Markdown and JSX. For example, a user-provided MDX fragment might include a JavaScript expression like {require('child_process').exec('ls')}. In vulnerable versions of next-mdx-remote, that code could run during SSR.
This makes applications that accept MDX from users, third-party sources, or APIs especially at risk.
A remote attacker can:
- Submit malicious MDX to a server that uses next-mdx-remote.
- Cause the server to evaluate embedded JavaScript expressions.
- Execute arbitrary code on the host.
This can lead to full server compromise, data theft, or unauthorized access.
Technical advisories confirm that the flaw arises from how untrusted MDX is processed without proper sanitization.
Fixed Version and Security Enhancements
The maintainers addressed the issue in version 6.0.0 of next-mdx-remote. Key changes include:
- JavaScript expressions disabled by default: setting blockJS: true prevents raw JavaScript from running during MDX serialization.
- Enhanced blocking option: for users who need JS expressions (blockJS: false), a new blockDangerousJS: true option blocks known risky globals like eval, Function, require, and process.
- These measures limit the ability of untrusted content to run harmful code while still supporting safe use cases.
Developers are strongly advised to update to 6.0.0 or later and review their MDX handling configuration to ensure safety.
Additionally, the hosting provider Vercel now blocks deployments that include vulnerable versions by default, making it harder for such vulnerable packages to reach production unless expressly overridden.
Affected and Patched Versions
| Field | Detail |
|---|---|
| CVE ID | CVE-2026-0969 |
| Severity | High / critical server impact |
| Affected Versions | next-mdx-remote 4.3.0 to 5.0.0 |
| Patched Version | next-mdx-remote 6.0.0 |
| Impact | Remote code execution on SSR |
| Fix Measures | blockJS: true, blockDangerousJS: true options |
| Deploy Protection | Vercel blocks vulnerable builds by default |
Developer Guidance and Best Practices
- Update Immediately: Move to next-mdx-remote 6.0.0 or newer.
- Review MDX inputs: Only accept MDX content from trusted users or sanitize before rendering.
- Disable risky features: Keep blockJS: true unless absolutely necessary.
- Test changes in staging: Breaking defaults may affect rendering logic.
- Audit access control: Restrict who can submit content for SSR rendering.
Sites that render untrusted user content are particularly exposed and should prioritize this patch.
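As an added illustration of the "review MDX inputs" advice above (example code written for this article, not next-mdx-remote's own), the guard below scans untrusted MDX for JSX expressions or ESM statements that reference the globals the advisory names as dangerous and rejects the document before it ever reaches serialize or compileMDX. It is defense in depth alongside upgrading to 6.0.0 and keeping blockJS: true, not a substitute for either.

```javascript
// Added example: pre-render guard for user-submitted MDX (not library code).
// Rejects MDX whose {...} expressions mention eval, Function, require or
// process (the globals blockDangerousJS targets), or that carry import/export
// statements, so it is never handed to serialize()/compileMDX().

const DANGEROUS_GLOBALS = ["eval", "Function", "require", "process"];

// Collect the bodies of top-level {...} expressions. Nested braces are
// balanced; inline `code` spans and ```fenced``` blocks are skipped because
// braces there are literal Markdown text, not JSX expressions.
function extractExpressions(mdx) {
  const exprs = [];
  let i = 0;
  while (i < mdx.length) {
    if (mdx.startsWith("```", i)) {            // skip fenced code block
      const end = mdx.indexOf("```", i + 3);
      i = end === -1 ? mdx.length : end + 3;
    } else if (mdx[i] === "`") {               // skip inline code span
      const end = mdx.indexOf("`", i + 1);
      i = end === -1 ? mdx.length : end + 1;
    } else if (mdx[i] === "{") {               // JSX expression start
      let depth = 1;
      let j = i + 1;
      while (j < mdx.length && depth > 0) {
        if (mdx[j] === "{") depth++;
        else if (mdx[j] === "}") depth--;
        j++;
      }
      exprs.push(mdx.slice(i + 1, depth === 0 ? j - 1 : j));
      i = j;
    } else {
      i++;
    }
  }
  return exprs;
}

// Returns a list of findings; an empty list means the MDX passed the guard.
// A global counts only as a standalone identifier, so `child_process`
// or `obj.process` do not trigger, while `process.env` and `eval(...)` do.
function auditMdx(mdx) {
  const findings = [];
  const asIdentifier = (name) => new RegExp(`(^|[^\\w$.])${name}\\b`);
  for (const expr of extractExpressions(mdx)) {
    for (const g of DANGEROUS_GLOBALS) {
      if (asIdentifier(g).test(expr)) findings.push(`expression references ${g}`);
    }
  }
  // ESM statements in MDX are evaluated at compile time as well.
  if (/^\s*(import|export)\s/m.test(mdx)) findings.push("contains import/export statement");
  return findings;
}
```

Run auditMdx on the submitted document and refuse to render when it returns any findings; the two expressions quoted in this article both produce a "references require" finding.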
Example of Risky MDX Input
An exploited MDX file might include an expression like:
{()=>{ require('child_process').execSync('rm -rf /'); }}
If processed without safety options, this would run on the server during SSR. Researchers warn that any such expression could invoke system commands or load sensitive modules.
FAQ
A: It is a TypeScript library often used with Next.js to render MDX (Markdown with JSX) content on server or client environments. It lets developers display dynamic MDX from databases, APIs, or user input.
A: Yes, if an application processes MDX supplied by untrusted sources and has not been updated. A successful exploit can lead to arbitrary code running on the server.
A: You should review whether you use JavaScript expressions in MDX and apply the new blockJS and blockDangerousJS configuration appropriately.
A: The vulnerability is specific to server-side rendering (SSR) of MDX. Client-only rendering is not affected in the same way because code there runs in the browser.
A: Vercel now blocks deployments with vulnerable versions by default, reducing the chance of such versions reaching production.