Skip to content

Security: CVE-2025-66478 (React2Shell) RCE in Dependencies #500

Open
Open
Security: CVE-2025-66478 (React2Shell) RCE in Dependencies#500
@link1eok

Description

@link1eok
link1eok
opened on Mar 31, 2026

Hello,

This repository contains a critical remote code execution (RCE) vulnerability (https://nextjs.org/blog/CVE-2025-66478, CVSS 10.0) affecting React Server Components.

Required Actions
Immediate Remediation
Update to patched versions:

For Next packages:

json
{
"next": "15.3.6",
}

Sharing this for awareness. Thank you.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions