===== Critical Security Vulnerability in React Server Components =====

**@channel**

You may have already heard about the serious security issue called **React2Shell**.

Quick summary:

  * Attackers can **execute code from the client into the server (SSR)**
  * No authentication required
  * Severity level: **10/10 (critical)**

This vulnerability comes from:

  * **Server Side Rendering (SSR)**
  * in **React Server Components (Next.js)**


----

===== Impact =====

Your project may be affected if it:

  * Uses **React Server Components**
  * Has **SSR enabled**
  * OR even **installed but SSR is not enabled**

**THERE IS STILL RISK OF EXPLOITATION**

Please review your projects carefully.


----

===== Required Action =====

If your project uses the above features:

  * Update to the latest patched version immediately
  * Follow the official security instructions


----

===== References =====

  * Vulnerability report: https://react2shell.com/
  * Action required: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components