Hacker News is a community-driven platform for sharing and discussing technology news, startups, and programming-related topics. Through user submissions and comments, Hacker News offers insights into emerging technology trends, industry developments, and entrepreneurial ventures. Readers can participate in discussions, share their insights, and stay informed about the latest advancements in technology and innovation.

Hacker News

A remote code execution vulnerability (CVE-2025-55182) has been discovered in React Server Components packages versions 19.0.0 through 19.2.0, affecting Next.js 15.x and 16.x applications using the App Router. The vulnerability impacts react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages. Patches are available in React 19.0.1, 19.1.2, 19.2.1 and Next.js versions 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, and 16.0.7. Users should upgrade immediately to patched versions.

RCE in React Server Components

Arnaud Fischer

<p>As always:</p>
<p><img src="https://media.daily.dev/image/upload/s--8geSJjdB--/f_auto/v1764808380/ugc/content_59ea1f60-0b96-4e00-b242-004fa7eb4dc5?_a=BAMAK+ZW0" alt="nairaman-pg13"></p>
