We have been notified by our partners that a newly disclosed vulnerability (assigned CVE-2026-23864) that affects multiple React-based frameworks reveals a denial-of-service (DoS) vulnerability in React Server Components (RSCs). The Vercel team released a separate advisory detailing this vulnerability . There have not been any observed in-the-wild exploitations of this vulnerability. Still, Akamai has deployed an Adaptive Security Engine Rapid Rule to protect our customers from this threat. At the center of the issue is DoS attack due to memory exhaustion when specially crafted HTTP requests are sent to the respective web servers running React- or Next.js-based frameworks. The DoS vulnerability arises from how React handles Server Function invocations within the RSC protocol and is exploitable only in frameworks that actively use RSCs. Please note : This vulnerability does not require authentication, which makes exploitation easier.…