Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
heise online

JavaScript: React moves to its own foundation under the Linux Foundation

The React Foundation has officially started its work. As the team reports, the project is now under the organizational umbrella of the Linux Foundation. As early as October 2025, those responsible had ...