CVE-2026-23870 | Meta react-server-dom-turbopack up to 19.0.5/19.1.6/19.2.5 HTTP deserialization (GHSA-rv78-f8rc-xrxh)

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability marked as problematic has been reported in Meta react-server-dom-turbopack, react-server-dom-parcel and react-server-dom-webpack up to 19.0.5/19.1.6/19.2.5. This affects an unknown part of the component HTTP Handler. The manipulation leads to deserialization.

This vulnerability is referenced as CVE-2026-23870. Remote exploitation of the attack is possible. No exploit is available.

CVE-2026-23870 | Meta react-server-dom-turbopack up to 19.0.5/19.1.6/19.2.5 HTTP deserialization (GHSA-rv78-f8rc-xrxh)

Post correlati

CVE-2026-3312 | Pagure reStructuredText File path traversal

CVE-2023-46262 | Ivanti Avalanche 6.4.1 server-side request forgery

CVE-2024-2682 | Campcodes Online Job Finder System 1.0 controller.php EMPLOYEEID cross site scripting

CVE-2024-3369 | code-projects Car Rental 1.0 add-vehicle.php Upload Image unrestricted upload