
Cloudflare WAF protections for React2Shell (CVE-2025-55182)

Advisory/Mitigation
Happening score: 50
1 unique sources, 1 articles

Summary


Cloudflare rolled out WAF protections for CVE-2025-55182 / React2Shell, a mitigation aimed at reducing unauthenticated RCE risk across React deployments. The action came soon after the vulnerability was publicly disclosed on December 3, 2025, as operators rushed to contain exposure. Because React is widely used, the defensive change mattered for a broad internet-facing application base.

Related Happenings

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)

Vulnerability
First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...

Windchill and FlexPLM deserialization RCE (CVE-2026-4681)

Vulnerability
First: 25.03.2026 01:04 Last: 25.03.2026 01:04 Sources 1

About this happening: **CVE-2026-4681** is a critical **deserialization** flaw in **PTC Windchill** and **FlexPLM** that could enable **remote code execution** across most supported versions. PTC says...

Timeline

  1. 05.12.2025 17:12 2 articles · 5mo ago

    Cloudflare rolls out WAF protections for React2Shell

    Mitigation Patch Update

    Cloudflare rolled out web application firewall (WAF) protections for CVE-2025-55182, also called React2Shell, after the unauthenticated remote code execution flaw in React became public on December 3, 2025. The mitigation was aimed at reducing exposure for Cloudflare customers and internet-facing React deployments.

  2. 05.12.2025 17:12 1 articles · 5mo ago

    Cloudflare investigates outage reports tied to a WAF parsing change

    Victim Impact Update

    On December 5, 2025 at 08:56 UTC, Cloudflare started investigating issues after a change to how its Web Application Firewall parses requests caused its network to be unavailable for several minutes. A fix was rolled out within about half an hour, and outage reports surfaced from Zoom, LinkedIn, Coinbase, DoorDash, and Canva.
