Security researcher Rachid.A from Zhero Web Security posted an in-depth analysis of the findings, with the vulnerability tracked as CVE-2025-29927, and receiving a severity score of 9.1/10 (critical).
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results