Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS Vulnerability

TL;DR:A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables unauthenticated attackers to send specially crafted HTTP requests that trigger excessive CPU consumption...

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

Allocation of Resources Without Limits or Throttling

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by...

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Research Repository !License: MIThttps://i...

Exploit for Deserialization of Untrusted Data in Facebook React

flight-risk flight risk /flaɪt rɪsk/ — React's Flight...

React Server Components - Denial of Service

React Server Components 19.0.0 to 19.2.1 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain an insecure deserialization vulnerability caused by unsafe payload deserialization in Server Function endpoints, letting unauthenticated attackers cause...

VulnCheck KEV: CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

Denial Of Service

React Server Components is vulnerable to Denial of Service. The vulnerability is due to specially crafted HTTP requests to Server Function endpoints, where the payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — React Server Components RCE | CTF Writeup...

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

Exploit for CVE-2026-23869

⚡ CVE-2026-23869 — React2DoS Unauthenticated Remote Denial-o...

@vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

GHSA-V457-WXVJ-P9W9 @vitejs/plugin-rsc has a Denial of Service with React Server Components

Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.4. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg Patches Upgrade immediately to @vitejs/[email protected] or...

GHSA-Q4GF-8MX6-V5V3 Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

EUVD-2026-20584

React Server Components have a Denial of Service Vulnerability...

GHSA-479C-33WC-G2PG React Server Components have a Denial of Service Vulnerability

Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...

Exploit for CVE-2026-23869

CVE-2026-23869 - Proof of Concept PoC Description This...