Multiple Critical Vulnerabilities Patched in Next.js and React Server Components
Vercel has released an extensive set of security advisories for Next.js, addressing more than a dozen vulnerabilities, including denial-of-service, middleware bypass, server-side request forgery, and cross-site scripting. The flaws affect Next.js versions 13.x through 16.x using the App Router, as well as React Server Components packages for versions 19.x. CVE-2026-23870: Denial of Service via React […] The post Multiple Critical Vulnerabilities Patched in Next.js and React Server Components appeared first on Cyber Security News.
Multiple critical vulnerabilities were discovered in Next.js and React Server Components, allowing attackers to trigger denial-of-service attacks, middleware bypass, server-side request forgery, and cross-site scripting. The flaws affect versions 13.x through 16.x of Next.js using the App Router, as well as React Server Components packages for versions 19.x.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HRead the full article
This is a curated summary. The complete article is available at Cyber Security News.