Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Meta | react-server-dom-turbopack | unaffected |
|
||||||||||||
| Meta | react-server-dom-parcel | unaffected |
|
||||||||||||
| Meta | react-server-dom-webpack | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 06 May 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Denial of Service via Crafted HTTP Requests in Meta React Server DOM Packages | |
| Weaknesses | CWE-770 |
Wed, 06 May 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.0.5, 19.1.0 through 19.1.6, and 19.2.0 through 19.2.5). | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Meta
Published:
Updated: 2026-05-06T16:24:55.620Z
Reserved: 2026-01-16T19:49:26.309Z
Link: CVE-2026-23870
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-06T17:16:22.043
Modified: 2026-05-06T17:16:22.043
Link: CVE-2026-23870
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-06T17:30:08Z
No weakness.