484 matches found

Github Security Blog
added 2026/04/10 3:35 p.m., 16 views

Next.js has a Denial of Service with Server Components

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this...

CVSS 7.5, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 3, Affected Software: 1

OSV
added 2026/04/10 3:35 p.m., 5 views

GHSA-479C-33WC-G2PG React Server Components have a Denial of Service Vulnerability

Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...

CVSS 7.5, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 4

EUVD
added 2026/04/10 3:35 p.m., 4 views

EUVD-2026-20584

React Server Components have a Denial of Service Vulnerability...

CVSS 7.5, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 3

GithubExploit
added 2026/04/10 6:34 a.m., 226 views

Exploit for CVE-2026-23869

CVE-2026-23869 - Proof of Concept PoC Description This...

CVSS 7.5, AI score 5.9, EPSS 0.01551
Exploits: 3

Imperva Blog
added 2026/04/09 2:54 p.m., 13 views

React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff

Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve dubbed “React2DoS”. In this blog, we’ll analyze its impact and place it in the broader context of recently fou...

CVSS 7.5, AI score 7.5, EPSS 0.02329
Exploits: 3

F5 Networks
added 2026/04/09 9:43 a.m., 10 views

K000160686: React framework vulnerability CVE-2026-23869

Security Advisory Description A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. T...

CVSS 7.5, AI score 5.9, EPSS 0.01551
Exploits: 3

Snyk
added 2026/04/08 9:10 p.m., 7 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An attacker can crash the server by...

CVSS 8.7, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 3

Snyk
added 2026/04/08 9:10 p.m., 6 views

Allocation of Resources Without Limits or Throttling

Overview @modern-js/utils is a progressive web framework based on React. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the createMap, createSet, and extractIterator functions in packages/react-server/src/ReactFlightReplyServer.js. An...

CVSS 8.7, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 3

Snyk
added 2026/04/08 9:10 p.m., 5 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

CVSS 8.7, AI score 5.8, EPSS 0.01551
Exploits: 3, References: 3

NVD
added 2026/04/08 8:16 p.m., 5 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVSS 7.5, EPSS 0.01551
Exploits: 3, References: 4

Cvelist
added 2026/04/08 7:11 p.m., 18 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVSS 7.5, EPSS 0.01551
Exploits: 3, References: 1

Vulnrichment
added 2026/04/08 7:11 p.m., 6 views

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVSS 7.5, AI score 5.9, EPSS 0.01551
Exploits: 3, References: 1

CVE
added 2026/04/08 7:11 p.m., 159 views

CVE-2026-23869

The CVE-2026-23869 entry describes a Denial-of-Service vulnerability in React Server Components affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specially crafted HTTP request to Server Function endpoints can cause the server to experience excessive C...

CVSS 7.5, AI score 5.9, EPSS 0.01551
Exploits: 3, References: 4

Positive Technologies
added 2026/04/08 12:00 a.m., 8 views

PT-2026-31432

Name of the Vulnerable Software and Affected Versions: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. Description: A denial of service vulnerability exists in React Server...

CVSS 7.5, AI score 7.2, EPSS 0.01551
Exploits: 3, References: 22

GithubExploit
added 2026/04/06 5:15 p.m., 105 views

Exploit for Deserialization of Untrusted Data in Facebook React

👻 CVE-2025-55182 Go exploit Interactive RCE exploitation to...

CVSS 10, AI score 6.8, EPSS 0.99562
Exploits: 372

GithubExploit
added 2026/04/04 11:24 p.m., 134 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell — Security Analysis Overview...

CVSS 10, AI score 6.7, EPSS 0.99562
Exploits: 372

GithubExploit
added 2026/03/31 10:11 p.m., 135 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 POC High Fidelity Detection & Expl...

CVSS 10, AI score 6.2, EPSS 0.99562
Exploits: 386

GithubExploit
added 2026/03/25 6:29 p.m., 130 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 RSC lab intentionally vulnerable Local Doc...

CVSS 10, AI score 6.9, EPSS 0.99562
Exploits: 372

GithubExploit
added 2026/03/18 1:41 p.m., 127 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 – React2Shell React Server Components / Next...

CVSS 10, AI score 7.8, EPSS 0.99562
Exploits: 372

Packet Storm News
added 2026/03/12 12:00 a.m., 6 views

Internet-Scale Measurement of React2Shell Exploitation Using an Active Network Telescope

The increasing adoption of server-side component-based web frameworks has introduced new application-layer attack surfaces that remain insufficiently understood at Internet scale. On 3 December 2025, a critical remote code execution vulnerability CVE-2025-55182 in React Server Components, referre...

CVSS 10, AI score 7.6, EPSS 0.99562
Exploits: 372