484 matches found
Next.js has a Denial of Service with Server Components
A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...
GHSA-479C-33WC-G2PG React Server Components have a Denial of Service Vulnerability
Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...
EUVD-2026-20584
React Server Components have a Denial of Service Vulnerability...
Exploit for CVE-2026-23869
CVE-2026-23869 - Proof of Concept PoC Description This...
React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve dubbed “React2DoS”. In this blog, we’ll analyze its impact and place it in the broader context of recently fou...
K000160686: React framework vulnerability CVE-2026-23869
Security Advisory Description A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. T...
Allocation of Resources Without Limits or Throttling
Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An attacker can crash the server by...
Allocation of Resources Without Limits or Throttling
Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An...
Allocation of Resources Without Limits or Throttling
Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...
CVE-2026-23869
The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...
PT-2026-31432
Name of the Vulnerable Software and Affected Versions: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. Description: A denial of service vulnerability exists in React Server...
Exploit for Deserialization of Untrusted Data in Facebook React
👻 CVE-2025-55182 Go exploit Interactive RCE exploitation to...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell — Security Analysis Overview...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 POC High Fidelity Detection & Expl...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 RSC lab intentionally vulnerable Local Doc...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 – React2Shell React Server Components / Next...
Internet-Scale Measurement of React2Shell Exploitation Using an Active Network Telescope
The increasing adoption of server-side component-based web frameworks has introduced new application-layer attack surfaces that remain insufficiently understood at Internet scale. On 3 December 2025, a critical remote code execution vulnerability CVE-2025-55182 in React Server Components, referre...