React.Server.Components.react-flight.Remote.Code.Execution
Description
This indicates an attempt to exploit a remote code execution vulnerability in React Server Components.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to remote code execution.
Outbreak Alert
React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific vulnerable versions of Next.js. A remote attacker can craft a malicious RSC request that triggers server-side deserialization, leading to arbitrary code execution without authentication or user interaction.
Affected Products
React Server Component react-server-dom-webpack 19.0, 19.1.0, 19.1.1, and 19.2.0
React Server Component react-server-dom-parcel 19.0, 19.1.0, 19.1.1, and 19.2.0
React Server Component react-server-dom-turbopack 19.0, 19.1.0, 19.1.1, and 19.2.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
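To find which installs need the upgrade, the following added example (not vendor or React project code) checks a parsed npm package-lock.json against the package names and versions in the Affected Products list. It assumes lockfileVersion 2 or 3 and reads the page's "19.0" as exactly 19.0.0; the helper names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag lockfile entries that match the Affected Products list.
// Package names and versions are taken from this page.
// Assumption: the listed "19.0" is read as the exact version 19.0.0.
const AFFECTED_PACKAGES = [
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
];
const AFFECTED_VERSIONS = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);

// Takes a parsed package-lock.json (lockfileVersion 2 or 3, "packages" map)
// and returns every installed copy, nested ones included, that is affected.
function findAffected(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the last segment is the name.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project entry ("")
    const name = path.slice(idx + "node_modules/".length);
    if (AFFECTED_PACKAGES.includes(name) && AFFECTED_VERSIONS.has(meta.version)) {
      found.push({ path, name, version: meta.version });
    }
  }
  return found;
}

// Convenience wrapper for a lockfile on disk (hypothetical helper name).
function scanLockfile(file) {
  const fs = require("fs");
  return findAffected(JSON.parse(fs.readFileSync(file, "utf8")));
}

// Constructed sample lockfile fragment, not taken from a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-server-dom-webpack": { version: "19.1.1" },
    "node_modules/some-fw/node_modules/react-server-dom-turbopack": { version: "19.2.0" },
    "node_modules/react-server-dom-parcel": { version: "19.2.1" }, // not on the list
  },
};

for (const h of findAffected(SAMPLE_LOCK)) {
  console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
}
```

A framework that ships its own bundled copy of these packages may not show up in the lockfile under these names, so a clean result here does not replace checking the framework version against the vendor advisory.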
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |