CVE-2026-23869

CVSS v3.1

7.5

High

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions React Server Components versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4

Description A denial of service issue exists in React Server Components. Sending specially crafted HTTP requests to Server Function endpoints can cause excessive CPU usage for up to a minute, resulting in an error. The payload of the HTTP request triggers this behavior.

Recommendations Update to a version later than 19.2.4.

Fix

DoS

Deserialization of Untrusted Data

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-400

Related Identifiers

CVE-2026-23869

GHSA-479C-33WC-G2PG

Affected Products

React Server Components

CVE-2026-23869

Weakness Enumeration

Related Identifiers

Affected Products

References · 14