PoC Archive PoC Archive

tag

RSC

Critical
React2Shell - Next.js RSC Unauthenticated RCE
CVE-2025-55182· Next.js (App Router with React Server Components), React patched
High
Next.js RSC Server-Action DoS via Flight Deserialization (CVE-2026-23870)
CVE-2026-23870· Next.js App Router (React server-action / RSC reply parser) unpatched
Medium
Next.js RSC Response Cache Poisoning (CVE-2026-44576)
CVE-2026-44576· Next.js App Router deployments using React Server Components (RSC) behind shared caches patched
Low
Next.js RSC Cache-Busting Weak Hash Collision (CVE-2026-44582)
CVE-2026-44582· Next.js App Router patched
High
Next.js App Router Segment-Prefetch Middleware Bypass (CVE-2026-44575)
CVE-2026-44575· Next.js App Router applications that rely on middleware.ts matchers to protect routes patched