The React2Shell Story
Summary
A detailed narrative about React2Shell, a remote code execution vulnerability in Next.js/React Flight (CVE-2025-55182). The post recounts the discovery, exploitation ideas, the disclosure to Meta, and the collaboration with researchers, highlighting the attack surface in Flight and React internals and the steps taken to patch and defend against such chains.