窓の杜

「React」「Next.js」に重大なリモートコード実行の脆弱性、CVSSの基本 ...

UIライブラリ「React」(React.js)および「Next.js」で、認証なしにリモートコード実行が可能になる重大なセキュリティ脆弱性「CVE-2025-55182」が存在することが明らかになった。この脆弱性は「React2Shell」とも呼ばれており、CVSSの基本値は満点の「10.0」。
Security Boulevard

CVE-2026-23870: Imperva Customers Protected Against Critical React Server Components DoS ...

TL;DR: A newly disclosed denial-of-service vulnerability, CVE-2026-23870, impacts React Server Components and dependent frameworks, including Next.js App Router deployments. The flaw enables ...
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Vercel’s React framework for building full-stack web applications gets an upgrade in Next.js 16, with more explicit caching and AI-based debugging, among other features. Announced October 21, Next.js ...
Infosecurity-magazine.com

NCSC Urges Users to Patch Next.js Flaw Immediately

The UK’s leading cybersecurity agency has urged users of a popular open source web development framework to patch a critical vulnerability immediately. The National Cyber Security Centre (NCSC) warned ...