Check & Patch React2Shell Now: Vulnerable React/Next.js Versions Exposed (Docker Command Included)
React2Shell exploitation is spreading, and numerous React/Next.js servers have been compromised. I've handled quite a few cases lately, so I'm writing this guide for everyone to self-check and update immediately before it's too late.
1. Signs of Server Compromise
If you observe abnormal CPU spikes together with strange processes such as kdevtmpfsi or kinsing, or processes whose names are unknown character strings, there's a high likelihood the server has been exploited. Additionally, check /tmp for newly created files and the cron logs for entries after November 29, 2025, to detect suspicious files installed by the attacker.
2. Checking the Docker Environment
Anyone running Node/React using Docker can quickly scan all containers with the following command:
docker ps -q | xargs -I {} sh -c 'docker exec {} npm list react' 2>/dev/null
3. Vulnerable Versions
- React: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js: 15.x, 16.x, 14.3.0-canary.77 and above
- Canary: Versions from 14.3.0-canary.77 and up are all unsafe.
Safe versions are already available, including React 19.0.1 and above, and Next.js from 15.0.5, 15.1.9, 15.2.6... and 16.0.7.
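A per-container variant of the Docker check above that labels each result with the container name and compares the installed React version with the vulnerable list on this page. This is an added example, not the author's script; the function names and the sample `npm list` output are constructed for illustration.

```shell
# Added example; function names are hypothetical, sample output is constructed.

# Exact vulnerable React versions, copied from the list on this page.
VULN_REACT="19.0.0 19.1.0 19.1.1 19.2.0"

# react_status VERSION -> prints VULNERABLE or not-listed
react_status() {
    for v in $VULN_REACT; do
        if [ "$1" = "$v" ]; then echo "VULNERABLE"; return 0; fi
    done
    echo "not-listed"
}

# pkg_versions PKG: reads `npm list` output on stdin, prints each distinct
# PKG version. The "(^| )" anchor keeps react-dom@ from matching react@.
pkg_versions() {
    grep -oE "(^| )$1@[0-9][0-9A-Za-z.+-]*" | sed "s/^ *$1@//" | sort -u
}

# report NAME: reads `npm list react next` output on stdin, one line per finding.
# Next.js is only reported, because the page's patched list is abbreviated.
report() {
    out=$(cat)
    for ver in $(printf '%s\n' "$out" | pkg_versions react); do
        echo "$1 react $ver $(react_status "$ver")"
    done
    for ver in $(printf '%s\n' "$out" | pkg_versions next); do
        echo "$1 next $ver review-against-patched-list"
    done
}

# scan_containers: run the check in every running container (needs docker).
scan_containers() {
    docker ps --format '{{.Names}}' | while read -r name; do
        docker exec "$name" npm list react next 2>/dev/null | report "$name"
    done
}

# Constructed sample of `npm list react next` output for an offline run.
SAMPLE='app@0.1.0 /app
+-- next@15.1.0
| `-- react@19.1.0 deduped
+-- react-dom@19.1.0
`-- react@19.1.0'

case "${1:-}" in
    --scan) scan_containers ;;
    --demo) printf '%s\n' "$SAMPLE" | report demo-container ;;
esac
```

Run it with --scan on the Docker host, or with --demo to see the output format without Docker.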
4. Safe Remediation Steps
- Immediately back up all data.
- Update React/Next.js to the latest patched version.
- If the server shows signs of compromise, updating alone is insufficient. The most thorough method is to reinstall the operating system from a clean source and then restore from a clean backup.
The React2Shell vulnerability is spreading very quickly, so everyone should check soon to avoid the risk of data loss or silent backdoor installation. It is better to proactively secure your systems than to wait until the server is overloaded to deal with it.
#devshare #security #React2shell #React2Shell