← Back to feed
ChangelogNetlify
- Severity
- Critical
- Published
- 18 days agoApr 8, 2026
- Signal
- 73
Security Update: DoS vulnerability in Next.js and React Server Components
A denial-of-service (DoS) vulnerability (CVE-2026-23869, CVSS 7.5) has been disclosed affecting React Server Components (RSCs), a feature used by Next.js and other React metaframeworks. A malicious payload can cause excessive CPU consumpti…
Official source entry
Security Update: DoS vulnerability in Next.js and React Server Components
From Netlify Changelog. The simplified record can be checked against the original wording.
Why it matters
Netlify updated netlify changelog semantics for hosting and frontend-infra. Review the official entry before the next deploy.
Who should care
- frontend
- backend
- infra
Affected stack
- hosting
- frontend-infra
- developer-workflow
- deployments
Categories
securityapi