react-server-dom-unbundled

MAL-2026-356

npmmalware1/20/2026
Description

Malicious code in react-server-dom-unbundled (npm)

Indicators of Compromise
SHA256 Hashes (2)
972650319e5c8cb65ee346d874446ce27958f22e64028b34e0b1917d614ad6b3
1a00ece23d0316d703248d00b48a8a29b2ed829ae8e1bce8f1bfd6a404820b21
References (1)
https://github.com/advisories/GHSA-mq7q-f9vp-f9qxOSV
Details
Ecosystemnpm
Attack Typemalware
Published1/20/2026
Affected Versions
0
Aliases
GHSA-mq7q-f9vp-f9qx
Quick Actions
All Incidentsnpm Incidents
Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives
PoC for every finding
30+ tools orchestrated
Book a DemoLearn More
Setup in 5 minutesSOC 2 & ISO 27001