窓の杜

「React」「Next.js」に重大なリモートコード実行の脆弱性、CVSSの基本 ...

UIライブラリ「React」(React.js)および「Next.js」で、認証なしにリモートコード実行が可能になる重大なセキュリティ脆弱性「CVE-2025-55182」が存在することが明らかになった。この脆弱性は「React2Shell」とも呼ばれており、CVSSの基本値は満点の「10.0」。
GIGAZINE

A critical vulnerability in Next.js that has existed for several years has allowed hackers ...

A critical vulnerability has been discovered in Next.js, an open source web development framework, that could allow an attacker to bypass authentication checks. Next.js is a React framework for ...
Security Boulevard

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS ...

TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables ...