{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/react/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-23869"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["CVE-2026-23869","denial-of-service","react"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-23869 is a denial-of-service (DoS) vulnerability affecting React Server Components. Specifically, the vulnerability impacts the \u003ccode\u003ereact-server-dom-parcel\u003c/code\u003e, \u003ccode\u003ereact-server-dom-turbopack\u003c/code\u003e, and \u003ccode\u003ereact-server-dom-webpack\u003c/code\u003e packages in versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. These malicious requests cause excessive CPU utilization on the server, potentially leading to service degradation or unavailability. The CPU usage can remain high for up to a minute before an error is thrown. This vulnerability poses a significant risk to applications utilizing the affected React Server Components, as it allows for relatively easy disruption of service.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a server running a vulnerable version of React Server Components (19.0.0-19.0.4, 19.1.0-19.1.5, or 19.2.0-19.2.4).\u003c/li\u003e\n\u003cli\u003eThe attacker discovers a Server Function endpoint within the React application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request specifically designed to trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted HTTP request to the Server Function endpoint.\u003c/li\u003e\n\u003cli\u003eUpon receiving the malicious request, the server begins to experience excessive CPU usage.\u003c/li\u003e\n\u003cli\u003eThe CPU usage remains elevated for a significant period (up to one minute).\u003c/li\u003e\n\u003cli\u003eEventually, the server throws an error due to the excessive processing load.\u003c/li\u003e\n\u003cli\u003eThe elevated CPU usage and eventual error cause a denial of service, making the application unresponsive or unavailable to legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-23869 can lead to a denial-of-service condition, rendering affected React applications unavailable. This can disrupt business operations, damage reputation, and potentially lead to financial losses. The severity of the impact depends on the criticality of the affected application and the duration of the service disruption. While the precise number of potential victims is unknown, any organization using the vulnerable React Server Components is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003ereact-server-dom-parcel\u003c/code\u003e, \u003ccode\u003ereact-server-dom-turbopack\u003c/code\u003e, or \u003ccode\u003ereact-server-dom-webpack\u003c/code\u003e to remediate CVE-2026-23869.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious React Server Function Requests\u0026rdquo; to monitor for potentially malicious HTTP requests targeting Server Function endpoints, based on HTTP request patterns.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusually high CPU usage correlated with requests to Server Function endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T20:16:23Z","date_published":"2026-04-08T20:16:23Z","id":"/briefs/2026-04-react-dos/","summary":"A denial of service vulnerability, CVE-2026-23869, exists in React Server Components due to excessive CPU usage triggered by specially crafted HTTP requests to Server Function endpoints, potentially leading to service disruption.","title":"React Server Components Denial of Service Vulnerability (CVE-2026-23869)","url":"https://feed.craftedsignal.io/briefs/2026-04-react-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — React","version":"https://jsonfeed.org/version/1.1"}