Experts warn this 'worst case scenario' React vulnerability could soon be exploited - so patch now

React patches a 10/10 flaw that can be used for remote code execution.

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.