CVE-2026-23864

EPSS 1.4%
Veröffentlicht 26.01.2026 19:16:38
Zuletzt bearbeitet 13.02.2026 15:23:05
Quelle cve-assign@fb.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack.

The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory exceptions or excessive CPU usage; depending on the vulnerable code path being exercised, the application configuration and application code.

Strongly consider upgrading to the latest package versions to reduce risk and prevent availability issues in applications using React Server Components.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Facebook ≫ React Version >= 19.0.0 < 19.0.4

Facebook ≫ React Version >= 19.1.0 < 19.1.5

Facebook ≫ React Version >= 19.2.0 < 19.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.4%	0.802

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.facebook.com/security/advisories/cve-2026-23864

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-23864

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23864

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23864

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23864