React Server Components Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in React Server Components, specifically in the packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. This vulnerability can be triggered by sending specially crafted HTTP requests to Server Function endpoints, potentially leading to server crashes, out-of-memory exceptions, or excessive CPU usage. The impact varies depending on the vulnerable code path, application configuration, and application code.

Impact

Exploitation of this vulnerability can cause server crashes, out-of-memory exceptions, or excessive CPU usage, leading to availability issues in applications using React Server Components.

Remediation

Users are strongly advised to upgrade to the latest package versions to reduce risk and prevent availability issues.
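To support the upgrade step, the following added example (not part of the original advisory and not code from the React project) inventories the three affected packages in an npm lockfile, including nested copies pulled in by other dependencies. The version numbers in the sample and the minimum version passed in are constructed placeholders; the real fixed versions must come from the vendor advisory, which this page does not list.

```javascript
// Added example: find the affected packages in a parsed package-lock.json.
const AFFECTED = [
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
  "react-server-dom-webpack",
];

// Parse a plain x.y.z version; prerelease/canary strings return null.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// "upgrade" if below the floor, "ok" if at or above it, "review" when no
// floor was supplied or the version is not a plain x.y.z release.
function classify(version, min) {
  const v = parse(version), m = parse(min);
  if (!v || !m) return "review";
  for (let i = 0; i < 3; i++) if (v[i] !== m[i]) return v[i] < m[i] ? "upgrade" : "ok";
  return "ok";
}

// lock: parsed lockfile (lockfileVersion 2 or 3, which carry a "packages" map).
function findAffected(lock, minimums = {}) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i === -1) continue; // root project or workspace entry
    const name = path.slice(i + marker.length);
    if (!AFFECTED.includes(name)) continue;
    hits.push({ path, name, version: meta.version, status: classify(meta.version, minimums[name]) });
  }
  return hits;
}

// Constructed sample lockfile; every version here is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "0.0.1" },
    "node_modules/react-server-dom-webpack": { version: "0.0.1" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": { version: "0.0.3" },
    "node_modules/react-server-dom-parcel": { version: "0.0.3-canary-abc" },
  },
};
const SAMPLE_MIN = Object.fromEntries(AFFECTED.map((n) => [n, "0.0.2"])); // placeholder floor
console.log(findAffected(SAMPLE_LOCK, SAMPLE_MIN));
```

For a real project, pass the result of JSON.parse on the project's package-lock.json and the fixed versions from the vendor advisory. Packages that a framework ships pre-bundled inside its own distribution do not appear as lockfile entries and need to be checked through that framework's release notes.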

Added: Jan 26, 2026, 8:18 PM
Updated: Jan 26, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.