Back to directory

WRITEUP #6602

Critical Remote Code Execution (RCE) Vulnerabilities in React and Next.js

CVE ResearchRCEDeserialization

byLachlan Davidson

Program

Meta Bug Bounty

Published

Dec 3, 2025

Added to HackDex

Mar 18, 2026

Read Full Writeuphttps://www.endorlabs.com/learn/critical-remote-code-execution-rce-vulnerabilities-in-react-and-next-js

▸ RELATED WRITEUPS

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Built with ❤️ by Shubham Rawat