{"vulnerability": "CVE-2026-23870", "sightings": [{"uuid": "9719f1eb-bff2-4968-848d-f8b50e80c859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "Telegram/O41s4ZacceniC-zmRdA20LKtlUfLN8dJaI2Rmc1hsAXigiA", "content": "", "creation_timestamp": "2026-05-13T21:00:04.000000Z"}, {"uuid": "d98d4422-9506-4e41-ace2-563101efe5cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml77m25mcy2e", "content": "\ud83d\udfe0 CVE-2026-23870 - High (7.5)\n\nA denial of service vulnerability could be triggered by sending specially crafted HTTP requests t...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-23870/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-06T17:21:14.834662Z"}, {"uuid": "faac5782-bf47-4029-83a0-c6783b2a1982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mldmplhieu25", "content": "Is Your React App Vulnerable to the CVE-2026-23870 DoS Attack?", "creation_timestamp": "2026-05-08T11:26:30.800771Z"}, {"uuid": "23d85e20-567d-4372-8991-129683ec5c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "published-proof-of-concept", "source": "https://t.me/htfgtps/1107", "content": "CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-\n2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-\n44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576,\nCVE-2026-44582, CVE-2026-44572\nhttps://github.com/dwisiswant0/next-16.2.4-pocs", "creation_timestamp": "2026-05-11T06:42:58.000000Z"}, {"uuid": "635ed5e7-7c90-4903-9543-eecb038122f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "https://t.me/GithubRedTeam/84090", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a nextjs-cve-2026-23870-checker\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a emresandikci\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-13 14:50:14\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nChecker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-13T15:00:06.000000Z"}, {"uuid": "4c97ffda-f2bf-4dee-a389-da37cd897570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "Telegram/Aa-0BibdUURQTQB8vAK81JOhZI4LJlfkqSwyDkBvxH4d8YE", "content": "", "creation_timestamp": "2026-05-08T03:00:10.000000Z"}, {"uuid": "8109e4eb-1f73-45eb-8fec-60cd6242169e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "Telegram/xvoYgOFnUf5jFw65_bW2FC7fcn6orx4l4LTjm0d68ZkOEzo", "content": "", "creation_timestamp": "2026-05-08T03:00:06.000000Z"}, {"uuid": "1a60b093-de2d-4bd1-b769-fc9ceacf5265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "https://www.acn.gov.it/portale/w/next.js-aggiornamenti-di-sicurezza-1", "content": "", "creation_timestamp": "2026-05-08T12:09:44.000000Z"}, {"uuid": "ab8edd6f-1a6e-497e-8a06-3f646b148423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-23870", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mlgmkn3pnk2p", "content": "\ud83d\udee0\ufe0f Next.js May 2026: 13 security advisories patched\nUpgrade for CVE-2026-23870, SSRF, XSS and cache poisoning.\n\n\ud83d\udee0\ufe0f GitHub Copilot: Sonnet 4 deprecated, GPT-4.1 ends Jun 1\nUpdate pinned model configs.\n\n\ud83d\udee0\ufe0f LangChain 0.3.30: CVE fix, hub deprecations\nsolomonneas.dev/intel", "creation_timestamp": "2026-05-09T16:01:44.199336Z"}]}