EUVD-2026-27867

Facebook React has a Denial of Service Vulnerability in React Server Components...

CVE-2026-23870

CVE-2026-23870 is a denial-of-service vulnerability in react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. It affects versions 19.0.0–19.0.5, 19.1.0–19.1.6, and 19.2.0–19.2.5. Triggered by specially crafted HTTP requests to server function endpoints, it can cause se...

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

PT-2026-37660

Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...