---
title: Added virtual patch for CVE-2026-23869 (React Server Components DoS)
summary: null
url: >-
  https://www.fastly.com/documentation/reference/changes/2026/04/added-virtual-patch-for-cve-2026-23869
---

A Denial of Service vulnerability has been found in React Server Components and has been assigned CVE-2026-23869. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services, follow the steps for your control panel below.

## Next-Gen WAF control panel

### Professional and Premier platforms or packaged offerings

If you're on the Professional or Premier platform or have purchased the Security Core, Security Core Plus, or Security Total packaged offering, complete the following steps:

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. From the **Rules** menu, select **Templated Rules**.
4. In the search bar, enter `CVE-2026-23869` and then click **View** for the CVE-2026-23869 templated rule.
5. Click **Configure** and then **Add trigger**.
6. Select the **Block requests from an IP immediately if the CVE-2026-23869 signal is observed** checkbox.
7. Click **Update rule**.

### Essential platform

If you're on the Essential platform, complete the following steps:

1.   Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2.   From the **Sites** menu, select a site if you have more than one site.

3. Click the **Signals** tab.
4. In the search bar, enter `CVE-2026-23869` and then click **View** for the CVE-2026-23869 tag.
5. Click the **Detections** tab and then **Add detection**.
6. Verify the switch is set to **Enabled**.
7. Click **Create detection**.
8. Click the **Alerts** tab and then **Add alert**.
9. In the **Status** area, set the switch to **Enabled**.
10. Click **Save alert**.

## Fastly control panel

If you're using the Fastly control panel, complete the following steps:

1.   Log in to the [Fastly control panel](https://manage.fastly.com).

2.   Go to **Security** > **Next-Gen WAF** > [**Workspaces**](https://manage.fastly.com/security/ngwaf/workspaces).

3. Click **Virtual Patches**.
4. In the search bar, enter `CVE-2026-23869` and then click the pencil <span class="inline-icons"><img src="/img/icons/pencil.png" alt="Pencil icon" /></span> to the right of the CVE-2026-23869 virtual patch.
5. From the **Status** menu, select **Enabled**.
6. _(Optional)_ If your workspace is in blocking mode, choose whether to **Block requests** or **Log requests** if the CVE-2026-23869 signal is observed.
7. Click **Update virtual patch**.