Exploit for Deserialization of Untrusted Data in Facebook React

👻 CVE-2025-55182 Go exploit Interactive RCE exploitation to...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell — Security Analysis Overview...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 POC High Fidelity Detection & Expl...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 RSC lab intentionally vulnerable Local Doc...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 – React2Shell React Server Components / Next...

Internet-Scale Measurement of React2Shell Exploitation Using an Active Network Telescope

The increasing adoption of server-side component-based web frameworks has introduced new application-layer attack surfaces that remain insufficiently understood at Internet scale. On 3 December 2025, a critical remote code execution vulnerability CVE-2025-55182 in React Server Components, referre...

Exploit for Deserialization of Untrusted Data in Facebook React

VPS Continuous Scanner A lightweight orchestrator and worker...

Exploit for Deserialization of Untrusted Data in Facebook React

React2shell or CVE-2025-55182 is a cr...

Exploit for Deserialization of Untrusted Data in Facebook React

React2shell or CVE-2025-55182 is a cr...

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

Exploit for Deserialization of Untrusted Data in Facebook React

Affected Software: React Server Components versions 19.0.0, 1...

📄 Next.js 15 Remote Code Execution

A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in React Server Components RSC Flight protocol, affecting React and Next.js applications...

Exploit for Deserialization of Untrusted Data in Facebook React

RSC Sentinel CVE-2025-55182 Next.js / React Server Components...

Denial-of-Service (DoS)

React Server Components packages are vulnerable to Denial-Of-Service DoS. The vulnerability is due to insufficient validation and resource handling in Server Function request processing, where specially crafted HTTP requests to server function endpoints can trigger excessive CPU usage, memory...

React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

GHSA-83FC-FQCC-2HMG React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...