Home / Security updates / Security Advisory: React Server Components CVE-2026-23864
Security Advisory: React Server Components CVE-2026-23864
Security updates detail rendered from /security-updates/upd_b552b01890861736.
Overview
| ID | upd_b552b01890861736 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | BigCommerce |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_b552b01890861736 |
| providerId | safebase |
| organizationId | org_4b69487e03d2295e |
| trustCenterId | tc_cff7a10c06b15d55 |
| title | Security Advisory: React Server Components CVE-2026-23864 |
| message | We are aware of the recently disclosed React Server Components vulnerability, CVE-2026-23864 (CVSS 7.5), which affects certain versions of React Server Components used by frameworks such as Next.js. Commerce.com is not affected by this vulnerability. We have not identified any impact to our platform or customer environments. The vulnerability relates to denial-of-service scenarios triggered by specially crafted HTTP requests to React Server Component server functions. Importantly, this issue does not allow for remote code execution. We recommend that customers who independently use React Server Components in their own applications review the advisory and upgrade to a patched version if applicable. More information: https://vercel.com/changelog/summary-of-cve-2026-23864 Patched versions are available for affected React and framework releases, and users should upgrade as recommended by their framework maintainers. |
| url | - |
| publishedAt | 2026-01-28 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_4b69487e03d2295e",
"name": "BigCommerce",
"domains": [
"security.bigcommerce.com",
"bigcommerce.com"
]
} |
| trust_center | {
"id": "tc_cff7a10c06b15d55",
"name": "BigCommerce",
"url": "https://security.bigcommerce.com",
"host": "security.bigcommerce.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_b552b01890861736",
"company": "/v1/companies/org_4b69487e03d2295e",
"trust_center": "/v1/trust-centers/tc_cff7a10c06b15d55",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_b552b01890861736JSON