How One HTTP Request Can Compromise Your Next.js App — React2Shell Breakdown
This blog breaks down how the React2Shell vulnerability (CVE-2025-55182) abuses insecure deserialization in React Server Components’ Flight protocol to achieve pre-authentication remote code execution, and provides detection, mitigation, and threat-hunting guidance for defenders.