The Hacker News

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation.
Yahoo

React Server Components crisis escalates as security teams respond to compromises

Add Yahoo as a preferred source to see more of our stories on Google. This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily ...
aha.org

CISA alerts of critical vulnerability impacting free program used for building user interfaces

A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog.
Network World

Cloudflare firewall reacts badly to React exploit mitigation

Cloudflare’s network suffered a brief but widespread outage Friday, after an update to its Web Application Firewall to mitigate a vulnerability in React Server Components went wrong. At 9:09 a.m. UTC, ...
GitHub

Critical Security Vulnerability in React Server Components

19.0.0, 19.1.0, 19.1.1, 19.2.0 This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the ...
GitHub

Importing react-dom/server in client bundle for renderToStaticMarkup

I was wondering why my bundle size added 200kb when I added @highcharts/react even though I've got highcharts as an external dependency in my Vite config and this package seems pretty small. After ...