Appreciate that v0 called out the Next.js CVE. That was helpful! I’ll upgrade my repo. I wanted to flag that the yellow notice in the preview has the “Fix with v0, it is free” button, but that button is not clickable. I click it and nothing happens. I tried to just say manually in the prompt, “I’m …

The fix should be deployed, can you folks try the Fix in v0 button now and see if it’s working correctly?

Reallly? Must be something else. I literally clicked the “Fix for free” on all of these messages on my projects and it worked right away and just fine. Are you still havign that issue?

If that Fix for free button still isnt working (but it really should and I had no experience of it not working), you can always just run this in the prompt: upgrade the Next.js dependency from version 16.0.3 to 16.0.7. Make sure all other dependencies including React 19.2.0 and the React Three Fibe…

+1 on trying the prompt that Sean shared. Let me see what’s going on with that button anyway, if you’re still seeing it?

Button is clickable but after clicking “Fix it” there is an error: “Failed to apply fix. Please try again.”. After update of Next.js and libraries still that warning occurs.

Thanks for the report, @piotr-2296 ! Good to know, I’ll raise internally.

@heystu I think he’s using v15, so switching to v16 might break dependencies. He should go with 15.5 which seems to be what v0 suggested.

The v0 team is looking into this right now

Security Vulnerability Detected This app uses Next.js 16.0.0 which has a recently discovered security flaw. Click below to upgrade to a secure version. Your published projects are protected by our platform level protections. Learn more I am getting “Failed to apply” if this is related

That is helpful - thank you Ian! The team is actively looking at this.

the prompt I gave will sort this out

Next.js vulnerability, "Fix with V0, it is free" - button not clickable

heystu (Sean) December 4, 2025, 11:53am 14

Ah ok interesting. Hmmm…. then I am thinking just updating the prompt to say that would work just fine.
But as Pauline said, seems the team is looking into it.

Topic		Replies	Views
Misleading warning about react2shell CVE (suggested wrong Next.js version to patch to) v0 nextjs	4	150	December 16, 2025
Still showing CVE-2025-66478/CVE-2025-55182 on Vercel dashboard Help nextjs , react , security	2	183	December 23, 2025
Security advisory for React2Shell Announcements nextjs , handbook , security	22	2325	January 27, 2026
NextJS v15.5.9 is marked deprecated Help nextjs	4	996	December 16, 2025
Is there a fix available for CVE-2026-23864 in Nextjs v14 Help nextjs , security	3	92	February 6, 2026

Next.js vulnerability, "Fix with V0, it is free" - button not clickable

Related topics