Skip to content

fix: update next.js and react for CVE-2026-23864#18

Open
sergical wants to merge 1 commit intogetsentry:mainfrom
sergical:fix/cve-2026-23864
Open

fix: update next.js and react for CVE-2026-23864#18
sergical wants to merge 1 commit intogetsentry:mainfrom
sergical:fix/cve-2026-23864

Conversation

@sergical
Copy link
Member

@sergical sergical commented Jan 27, 2026

Summary

Updates Next.js and React packages to address CVE-2026-23864 (DoS vulnerabilities in React Server Components).

Changes

  • next: 16.1.0 → 16.1.5
  • react: ^19.2.3 → ^19.2.4
  • react-dom: ^19.2.3 → ^19.2.4

Vulnerability Details

Malicious HTTP requests to Server Function endpoints can cause crashes, OOM, or CPU exhaustion.

Verification

  • yarn build passes

🤖 Generated with Claude Code

@sergical @claude
fix: update next.js and react for CVE-2026-23864
8a659b5 
Updates:
- next: 16.1.0 → 16.1.5
- react: ^19.2.3 → ^19.2.4
- react-dom: ^19.2.3 → ^19.2.4

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@vercel
Copy link
Contributor

vercel bot commented Jan 27, 2026

@sergical is attempting to deploy a commit to the Sentry Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sergical