CVE-2026-23870

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel,...

CVE-2026-23869

A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. The vulnerability is triggered ...

CVE-2025-55184

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...

CVE-2025-55182

CVE-2025-55182 is a pre-auth remote code execution vulnerability in React Server Components (versions 19.0.0, 19.1.0, 19.1.1, 19.2.0) affecting react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The issue arises from unsafe deserialization of payloads in HTTP reque...