Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

One of the most popular web app frameworks has a major security flaw

Alas, no, as it turns out that a very popular web app framework, used heavily in servers around the world, has been ...

Patch Now! Critical Malware Vulnerability Threatens React

The JavaScript programming library React and certain apps created with it are vulnerable. Security updates are available for ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
FinanceFeeds

Hackers Exploit JavaScript Library to Deploy Crypto Wallet Drainers

Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...
HealthcareInfoSecurity

Chinese Nation-State Groups Tied to 'React2Shell' Targeting

Warnings continue to mount over a critical vulnerability in the widely used web application framework React, with threat ...

Hackers are exploiting a JavaScript library to plant crypto drainers

Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.