THREATOPS
THREAT OPSThreat News › Minting Next.js Authentication Cookies

Minting Next.js Authentication Cookies

lowembracetheredPublished 2026-01-15

<p>In this post, we&rsquo;ll look how an adversary can mint authentication cookies for Next.js (<code>next-auth/Auth.js</code>) applications to maintain persistent access to the application as any user.</p> <p><a href="https://embracethered.com/blog/images/2026/next-auth.png"><img alt="Minting NextAuth authentication tokens and cookies" src="https://embracethered.com/blog/images/2026/next-auth.png

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2026/minting-next-auth-nextjs-auth-cookies-react2shell-threat/