7.5

CVE-2026-23864

Medienbericht
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack.

The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code.

Strongly consider upgrading to the latest package versions to reduce risk and prevent availability issues in applications using React Server Components.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FacebookReact Version >= 19.0.0 < 19.0.4
FacebookReact Version >= 19.1.0 < 19.1.5
FacebookReact Version >= 19.2.0 < 19.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.5% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
11.05.2026 16:03
https://www.facebook.com/security/advisories/cve-2026-23864
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:13571
https://access.redhat.com/security/cve/CVE-2026-23864
https://bugzilla.redhat.com/show_bug.cgi?id=2433059
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23864.json
https://access.redhat.com/errata/RHSA-2026:34608