# Middleware-based route protection bypass

Today, we released a CVE for a middleware-based route protection bypass. If your application uses `createRouteMatcher` in middleware or proxy (for Next, Nuxt, or Astro), please upgrade immediately.

Upgrade instructions and more details are available in the [security advisory](https://github.com/clerk/javascript/security/advisories/GHSA-vqx2-fgx2-5wq9).

Please [contact support](https://clerk.com/contact) with any additional questions or concerns.