Webinar | On Demand

React2Shell Uncovered: What the Critical RCE Means - And What You Must Do


In December 2025, the security community uncovered React2Shell, a devastating flaw in React Server Components. This vulnerability (CVE-2025-55182 / CVE-2025-66478) enables unauthenticated remote code execution (RCE) through a single crafted HTTP request, potentially compromising servers, even for apps that don’t explicitly expose server functions. With React and Next.js powering millions of web applications globally, including many enterprise and consumer-facing platforms, the exposure is massive.

Featured Speakers

Brian Fox

CTO, Sonatype

Tyler Warden

SVP of Product, Sonatype