React2Shell Security Bulletin
React2Shell is the critical security vulnerability documented in the Vercel Security Bulletin (tracked as CVE-2025-55182) that impacts React Server Components (RSC), the core server-rendering portion of React and frameworks that embed it (e.g., Next.js). It was publicly disclosed in early December 2025 and immediately began being actively exploited in the wild.
