Meta React-server-dom-webpack
7 CVEs affecting Meta React-server-dom-webpack. Latest disclosed: 2026-05-06. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-55182 | Critical | 10.0 | 2025-12-03 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following… |
CVE-2026-23870 | High | 7.5 | 2026-05-06 | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes… |
CVE-2026-23869 | High | 7.5 | 2026-04-08 | A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and… |
CVE-2025-67779 | High | 7.5 | 2025-12-11 | It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific cas… |
CVE-2025-55184 | High | 7.5 | 2025-12-11 | A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, inclu… |
CVE-2025-55183 | Medium | 5.3 | 2025-12-11 | An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2… |
CVE-2026-23864 | | 2026-01-26 | Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbop… |