In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...

React is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the ...

Exploitation of React2Shell started almost immediately after disclosure. AWS reported that at least two known China-linked threat actors, Earth Lamia and Jackpot Panda, have been exploiting it in ...

Security firms have seen cryptocurrency miners, Linux backdoors, botnet malware, and post-exploitation implants in ...

SEAL Security researchers warned that a critical React flaw fueled a surge in wallet-draining attacks on crypto websites.

React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...

Following the critical vulnerability CVE-2025-55182 in React Server Components, researchers have found three new leaks. Two ...

The JavaScript programming library React and certain apps created with it are vulnerable. Security updates are available for download.

React and Next.js are urging developers to immediately patch two additional, follow-up vulnerabilities that were discovered ...

Plane 1.2.0 rebuilt its frontend stack, migrating from Next.js to React Router and Vite, and fixed critical security ...

Yes, Cloudflare has acknowledged that modifications made to its systems to address the serious "React2Shell" vulnerability directly caused a recent ...