A critical vulnerability in React Server Components is being actively exploited by multiple threat groups, putting thousands of websites — including crypto platforms — at immediate risk with users ...

IT之家 12 月 4 日消息，热门 JavaScript 框架 React 昨日发布官方公告，React Server Components 中存在一个未经身份验证的远程代码执行漏洞，建议开发者立即升级修补漏洞。 11 月 29 日，Lachlan Davidson 报告了 React 中的一个安全漏洞，该漏洞允许通过利用 React 解码发送到 ...

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...