CVE-2026-23869: CVSS 7.5 in React Server Components lead to Denial of Service (opens in new tab)

# Summary of CVE\-2026\-23869 **Published:** April 8, 2026 | **Authors:** Vercel Security --- # Summary A high-severity vulnerability (CVSS 7.5) in React Server Components can lead to Denial of Service. We created new rules to address these vulnerabilities and deployed them to the Vercel WAF to automatically protect all projects hosted on Vercel at no cost. However, do not rely on the WAF for full protection. Immediate upgrades to a patched version are required. # Impact A specially cr...