cbcvebase.

Meta React-Server-Dom-Parcel vulnerabilities

7 known vulnerabilities affecting meta/react-server-dom-parcel.

Total CVEs
7
CISA KEV
1
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-55182P1CRITICALCVSS 10.0KEVPoCRansomware≥ 19.0.0, ≤ 19.0.0≥ 19.1.0, ≤ 19.1.1+1 more2025-12-03
CVE-2025-55182 [CRITICAL] CWE-502 CVE-2025-55182: A pre-authentication remote code execution vulnerability exists in React Server Components versions A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints
ghsanvdosv
CVE-2025-55184P1HIGHCVSS 7.5ExploitedPoC≥ 19.0.2, ≤ 19.0.2≥ 19.1.3, ≤ 19.1.3+1 more2025-12-11
CVE-2025-55184 [HIGH] CWE-502 CVE-2025-55184: A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0 A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Fu
ghsanvdosv
CVE-2025-55183P2MEDIUMCVSS 5.3PoC≥ 19.0.0, ≤ 19.0.1≥ 19.1.0, ≤ 19.1.2+1 more2025-12-11
CVE-2025-55183 [MEDIUM] CVE-2025-55183: An information leak vulnerability exists in specific configurations of React Server Components versi An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may uns
ghsanvdosv
CVE-2025-67779P3HIGHCVSS 7.5≥ 19.0.2, < 19.0.3≥ 19.1.3, < 19.1.4+1 more2025-12-12
CVE-2025-67779 [HIGH] CWE-400 Denial of Service Vulnerability in React Server Components Denial of Service Vulnerability in React Server Components ## Impact It was found that the fix to address [CVE-2025-55184](https://github.com/facebook/react/security/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. We recommend updating immediately. The vulnerability exists in versions 19.0.2, 19.1.3, and 19.2.2
ghsaosv
CVE-2026-23864P3HIGHCVSS 7.5≥ 19.0.0, < 19.0.4≥ 19.1.0, < 19.1.5+1 more2026-01-26
CVE-2026-23864 [HIGH] CWE-400 CVE-2026-23864: Multiple denial of service vulnerabilities exist in React Server Components, affecting the following Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted HTTP requests to Server Function endpoints, and could lead to server crashes, out-of-memory excepti
ghsanvdosv
CVE-2026-23869P3HIGHCVSS 7.5≥ 19.0.0, ≤ 19.0.4≥ 19.1.0, ≤ 19.1.5+1 more2026-04-08
CVE-2026-23869 [HIGH] CWE-400 CVE-2026-23869: A denial of service vulnerability exists in React Server Components, affecting the following package A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server F
ghsanvd
CVE-2026-23870P3HIGHCVSS 7.5≥ 19.0.0, ≤ 19.0.5≥ 19.1.0, ≤ 19.1.6+1 more2026-05-06
CVE-2026-23870 [HIGH] CVE-2026-23870: A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to s A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.0.5, 19.1.0
ghsanvd
Meta React-Server-Dom-Parcel vulnerabilities | cvebase