CVSS 10 bug in React, Next.js triggers security klaxons

Pre-auth RCE, trivial exploitation, a massive blast radius...

Edward Targett

Dec 03, 2025 - 3 min read

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Already a member? Sign in

Success! You now have access to additional content.