GHSA-q4gf-8mx6-v5v3

ADVISORY - github

Summary

A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23869. You can read more about this advisory our this changelog.

A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

GitHub

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY IDGHSA-q4gf-8mx6-v5v3⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

7.5high

Chainguard

CREATED

12 days ago

UPDATED

12 days ago

ADVISORY ID

CGA-jww2-236w-h9mr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

10 days ago

UPDATED

10 days ago

ADVISORY ID

MINI-gh66-w992-hc6v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY