Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote ...
SecurityWeek

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

Critical React vulnerability tracked as CVE-2025-55182 and React2Shell can be exploited for unauthenticated remote code ...
Techzine Europe

Meta warns of critical vulnerability in React Server Components

Meta has discovered a critical vulnerability in React Server Components. The vulnerability has been given a maximum score of ...

Cloudflare blames today's outage on React2Shell mitigations

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.
CSO Online

Warning: React2Shell vulnerability already being exploited by threat actors

It has been seen spreading cryptojacking malware and in attempts to steal cloud credentials from compromised machines.