Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
CRN

React Server Vulnerability Is No Cause For Panic: Security Expert

A critical-severity vulnerability impacting the popular React open-source library deserves attention, but is far from the ...
The Hacker News

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting ...

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...