This week’s release introduces new detections for denial-of-service attempts targeting React CVE-2026-23864 (https://www.cve.org/CVERecord?id=CVE-2026-23864).
Key Findings
- CVE-2026-23864 (https://www.cve.org/CVERecord?id=CVE-2026-23864) affects `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack` packages.
- Attackers can send crafted HTTP requests to Server Function endpoints, causing server crashes, out-of-memory exceptions, or excessive CPU usage.
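
To see which applications sit behind these rules, the added example below (not part of the original changelog and not Cloudflare's code) lists every installed copy of the three packages named above in a parsed `package-lock.json`, including copies nested under other dependencies. The function name, the sample lockfile and its version strings are constructed for illustration; this page lists no affected or fixed versions, so compare the reported versions against the CVE record.

```javascript
// Packages named in the Key Findings above.
const AFFECTED = new Set([
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
  "react-server-dom-webpack",
]);

// Hypothetical helper: returns every installed copy of an affected package
// found in a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findAffectedPackages(lock) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: flat "packages" map keyed by install path; nested copies appear
    // as "node_modules/a/node_modules/b", so take the last path segment.
    const marker = "node_modules/";
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf(marker);
      if (idx === -1) continue; // root project ("") or a workspace folder
      const name = path.slice(idx + marker.length);
      if (AFFECTED.has(name)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  // v1: recursive "dependencies" tree keyed by package name.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (AFFECTED.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; version strings are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "0.0.0-example" },
    "node_modules/react-server-dom-webpack": { version: "0.0.0-example" },
    "node_modules/some-framework/node_modules/react-server-dom-turbopack": {
      version: "0.0.0-example",
    },
  },
};

console.log(findAffectedPackages(SAMPLE_LOCK));
```

In a project, pass it `JSON.parse` of the lockfile contents; an empty result means none of the three packages is installed from that lockfile.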
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | aaede80b4d414dc89c443cea61680354 | N/A | React Server – DOS – CVE:CVE-2026-23864 – 1 | N/A | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 3e93c9faaafa447c83a525f2dcdffcf8 | N/A | React Server – DOS – CVE:CVE-2026-23864 – 2 | N/A | Block | This is a new detection. |
| Cloudflare Managed Ruleset | 930020d567684f19b05fb35b349edbc6 | N/A | React Server – DOS – CVE:CVE-2026-23864 – 3 | N/A | Block | This is a new detection. |