React2Shell : la faille exploitée par un botnet pour prendre le contrôle de serveurs web

Une vulnérabilité critique capable de donner le contrôle d’un serveur à distance attire forcément les attaques automatisées.
GitHub

Laravel + React Starter Kit

Our React starter kit provides a robust, modern starting point for building Laravel applications with a React frontend using Inertia. Inertia allows you to build modern, single-page React applications ...
Security Boulevard

Denial-of-Service and Source Code Exposure in React Server Components

In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
theregister

Half of exposed React servers remain unpatched amid active exploitation

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ...
cybernews

React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately

Web server admins must scramble to update their backend servers again after React and Next.js disclosed two additional follow-up vulnerabilities related to last week’s discovery of a critical bug.
interieur.gouv.fr

Maprocuration : votre procuration électorale désormais 100% en ligne avec France identité

À l’approche des élections municipales qui se dérouleront les 15 et 22 mars 2026, le ministère de l’Intérieur généralise à tous les scrutins la possibilité d’établir et de résilier de façon ...
techworm.net

Critical React Vulnerability Puts Web Servers At Immediate Risk

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting urgent warnings across the tech industry. The bug — dubbed “React2Shell” — ...
Bleeping Computer

Cloudflare blames today's outage on React2Shell mitigations

Earlier today, Cloudflare experienced a widespread outage that caused websites and online platforms worldwide to go down, returning a "500 Internal Server Error" message. The internet infrastructure ...
TechRadar

Experts warn this 'worst case scenario' React vulnerability could soon be exploited - so patch now

Critical React flaw (CVE-2025-55182) enables pre-auth RCE in React Server Components Affects versions 19.0–19.2.0 and frameworks like Next, React Router, Vite; patches released in 19.0.1, 19.1.2, 19.2 ...
Bitdefender

Technical Advisory: React2Shell Critical Unauthenticated RCE in React (CVE-2025-55182)

TL;DR Ransomware groups are expected to rapidly weaponize this critical (CVSS 10.0) React vulnerability to establish initial access. This vulnerability leads to remote code execution for ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.