React security advisory (AV26-123)

Serial number: AV26-123
Date: February 12, 2026

On February 11, 2026, Hashicorp published a security advisory to address a vulnerability in the following product:

• next-mdx-remote – versions 4.3.0 to 5.0.0

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

• HCSEC-2026-01 - Arbitrary code execution in React server-side rendering of untrusted MDX content