Next.js and React Server Components Get Urgent Security Fixes for DoS, SSRF, and Auth Bypass Flaws

Vercel has released a major Next.js security update that fixes 13 advisories across denial-of-service, middleware bypass, server-side request forgery, cache poisoning, and cross-site scripting bugs. The update also includes a fix for an upstream React Server Components vulnerability tracked as CVE-2026-23870. This flaw can let attackers send crafted HTTP requests to Server Function endpoints and […] The post Next.js and React Server Components Get Urgent Security Fixes for DoS, SSRF, and Auth Bypass Flaws appeared first on VPN Central.