
Critical Security Updates Required for Next.js and React Server Components

A series of critical vulnerabilities discovered in React Server Components (RSC) and Next.js has prompted an immediate call for updates to prevent severe exploits. Researchers have identified flaws that could lead to Denial of Service (DoS), Server-Side Request Forgery (SSRF), Cross-Site Scripting (XSS), and cache poisoning. These vulnerabilities impact how server-side data is handled and rendered, potentially allowing attackers to bypass security layers and compromise application integrity.

To mitigate these risks, developers must upgrade to the latest patched versions immediately. The following packages have received security fixes:

  • Next.js: Update to versions 15.5.16 or 16.2.5.
  • react-server-dom-webpack: Version 19.0.6.
  • react-server-dom-parcel: Version 19.1.7.
  • react-server-dom-turbopack: Version 19.2.6.

Cloudflare warns that these security gaps exist across different severity levels, making broad-scale infrastructure updates the only reliable defense. Given the widespread use of Next.js in production environments, unpatched servers remain highly susceptible to automated attacks targeting these specific entry points.
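
To check a project against the fixed versions listed above, the following added example (not code from Next.js, React or the source article) audits an npm `package-lock.json`. It assumes the lockfile v2/v3 `packages` layout and that a version lower than the listed fix in the same major line is unpatched; the article does not state affected ranges, so any other release line is reported as `review`.

```javascript
// Added example. FIXED is copied from the article's list; the rule "same major
// line and lower than the listed version = unpatched" is an assumption.
const FIXED = {
  "next": ["15.5.16", "16.2.5"],
  "react-server-dom-webpack": ["19.0.6"],
  "react-server-dom-parcel": ["19.1.7"],
  "react-server-dom-turbopack": ["19.2.6"],
};

// Parse "major.minor.patch"; record whether a prerelease suffix follows.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(.*)$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: m[4].startsWith("-") } : null;
}

// Numeric comparison, so 15.5.9 sorts below 15.5.16 (string compare would not).
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Classify one installed copy; a prerelease of the fixed version is unpatched.
function classify(name, installed) {
  const cur = parseVersion(installed);
  if (!cur) return "review"; // git/file/tag specs cannot be compared
  const fix = FIXED[name].map(parseVersion).find((f) => f.nums[0] === cur.nums[0]);
  if (!fix) return "review"; // the article lists no fix for this major line
  const c = compare(cur.nums, fix.nums);
  return c > 0 || (c === 0 && !cur.pre) ? "patched" : "unpatched";
}

// Walk the lockfile "packages" map, nested node_modules/ copies included.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (Object.hasOwn(FIXED, name) && meta.version)
      findings.push({ path, version: meta.version, status: classify(name, meta.version) });
  }
  return findings;
}

// Constructed sample lockfile ("some-tool" is a made-up dependency).
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/next": { version: "15.5.9" },
  "node_modules/react-server-dom-webpack": { version: "19.0.6" },
  "node_modules/some-tool/node_modules/next": { version: "14.2.3" },
} };
console.table(auditLockfile(sampleLock));
```

Nested copies matter here: a transitive dependency can pin its own older `next` or `react-server-dom-*` even after the top-level package is upgraded.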