In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ...

Web server admins must scramble to update their backend servers again after React and Next.js disclosed two additional follow-up vulnerabilities related to last week’s discovery of a critical bug.

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting urgent warnings across the tech industry. The bug — dubbed “React2Shell” — ...

Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a "500 Internal Server Error" message. The internet infrastructure ...

Critical React flaw (CVE-2025-55182) enables pre-auth RCE in React Server Components Affects versions 19.0–19.2.0 and frameworks like Next, React Router, Vite; patches released in 19.0.1, 19.1.2, 19.2 ...

Cloudflare has blamed a Friday outage on mitigations for the critical React vulnerability dubbed React2Shell. React2Shell, officially tracked as CVE-2025-55182, is an unauthenticated remote code ...

TL;DR Ransomware groups are expected to rapidly weaponize this critical (CVSS 10.0) React vulnerability to establish initial access. This vulnerability leads to remote code execution for ...

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

A critical security flaw has been discovered in React, one of the most widely used JavaScript libraries for building websites. The bug enables external attackers to run privileged, arbitrary code on ...