The React2Shell Story and What Happened Next.js
Summary
Two security researchers recount the discovery of a remote code execution vulnerability in React Server Components (CVE-2025-55182), the path to public disclosure, and subsequent WAF bypass challenges on Cloudflare and Vercel. The post highlights technical details, bug bounty dynamics, and the evolving landscape of platform mitigations.