Facebook React

6 CVEs affecting Facebook React. Latest disclosed: 2026-01-26. Critical: 1, High: 3.

Top CVEs affecting Facebook React
CVESeverityScorePublishedSummary
CVE-2025-55182Critical10.02025-12-03A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following…
CVE-2026-23864High7.52026-01-26Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbop…
CVE-2025-67779High7.52025-12-12It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific cas…
CVE-2025-55184High7.52025-12-11A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, inclu…
CVE-2018-6341Medium6.12018-12-31React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping co…
CVE-2025-55183Medium5.32025-12-11An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2…