Critical React, Next.js flaw lets hackers execute code on servers
From BleepingComputer to All on Thu Dec 4 10:34:41 2025
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. [...]