Hacker News

ptx, yesterday at 6:08 PM

It sounds related to me. The react.dev blog post [1] says that the vulnerability is

> a flaw in how React decodes payloads sent to React Server Function endpoints

and the react.dev docs for React Server Functions [2] say that

> Server Components can define Server Functions with the "use server" directive [...] Client Components can import Server Functions from files that use the "use server" directive

So it certainly sounds like the vulnerability is related to React Server Functions, which are related to "use server".

[1] https://react.dev/blog/2025/12/03/critical-security-vulnerab...

[2] https://react.dev/reference/rsc/server-functions


Replies

cluckindan, yesterday at 6:21 PM

No. You cannot find all vulnerable code by grepping for "use server", for instance.
