Products
Traefik ProxyTraefik Hub API GatewayTraefik Hub API ManagementAI GatewayAPI Mocking
Solutions
AI Gateway

New!

MCP Gateway

New!

Modern API GatewayAPI Mocking

New!

GitOps-Driven API ManagementAir-Gapped API Management

New!

Web Application FirewallRuntime API GovernanceKubernetes IngressDocker Swarm IngressReplace Ingress-NGINX

New!

Traefik & HashiCorpTraefik & MicrosoftTraefik & Nutanix

New!

Traefik & Oracle OCI
Learn
BlogResource LibraryTraefik AcademySuccess StoriesGlossaryEventsDocsPlugin CatalogForumCommunity
Compare
vs Apigeevs AWS API Gatewayvs Azure APIMvs Graviteevs Kong Konnectvs TykSee more comparisons
Pricing
Docs

José Carlos Chávez

Security Software Engineer @ Okta, OWASP Coraza co-leader, and Peruvian llama ambassador.

Security Alert: How Attackers Can Bypass Next.js Middleware With a Single HTTP Header

Security Alert: How Attackers Can Bypass Next.js Middleware With a Single HTTP Header

José Carlos Chávez
José Carlos Chávez
·
Security
·
March, 2025

Recently, a critical vulnerability (CVE-2025-29927) was disclosed in the popular Next.js framework, allowing attackers to circumvent middleware execution—including security checks—by leveraging an internal header.

Read more
Why does WAF matter in API security?

Why does WAF matter in API security?

José Carlos Chávez
José Carlos Chávez
·
API Management
·
March, 2024

Nowadays, APIs power the internet. We see APIs (Application Programming Interfaces) everywhere: webshops, social networks, mobile apps, government sites and most of the media entertainment is delivered to us over APIs.

Read more