CISA emergency patch deadline for React2Shell
Public Sector Action
Summary
Hide ▲
Show ▼
CISA urged federal agencies to patch React2Shell by December 12, 2025, tightening the remediation window while widespread exploitation is underway. The directive matters because the flaw enables privileged JavaScript execution on affected servers and has already been added to the Known Exploited Vulnerabilities catalog. The action turns an active vulnerability into an immediate federal remediation priority.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
NGINX and Apache HTTPD HTTP/2 Bomb mitigations
Advisory/Mitigation
H score46
First: 03.06.2026 11:33
Last: 03.06.2026 11:33
Sources 1
About this happening:
Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...
NGINX and Apache HTTPD HTTP/2 Bomb mitigations
Advisory/MitigationAbout this happening: Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
H score59
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
H score33
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
H score37
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector ActionAbout this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
Timeline
-
12.12.2025 10:41 1 articles · 6mo ago
React2Shell is publicly disclosed
Initial DisclosureCVE-2025-55182, also known as React2Shell, was publicly disclosed on December 3, 2025 as a critical React Server Components (RSC) Flight protocol flaw with a CVSS score of 10.0, and it was identified as affecting React and related frameworks including Next.js, Waku, Vite, React Router, and RedwoodSDK.
Show sources
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
-
12.12.2025 10:41 1 articles · 6mo ago
Kaspersky records mass exploitation attempts
Exploitation ObservedKaspersky honeypot data recorded over 35,000 exploitation attempts on December 10, 2025, with attackers first probing the system by running commands like whoami before dropping cryptocurrency miners or botnet malware families such as Mirai/Gafgyt variants and RondoDox.
Show sources
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
-
12.12.2025 10:41 1 articles · 6mo ago
Cloudflare, Wiz, and Shadowserver map broad exposure
Campaign Scope UpdateCloudflare, Wiz, and The Shadowserver Foundation reported broad scanning and opportunistic exploitation against React and Next.js systems, with more than 137,200 internet-exposed IP addresses running vulnerable code as of December 11, 2025 and especially dense probing in Taiwan, Xinjiang Uyghur, Vietnam, Japan, and New Zealand, alongside selective targeting of government, academic, and critical-infrastructure operators.
Show sources
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
-
12.12.2025 10:41 2 articles · 6mo ago
CISA accelerates federal patching deadline
Legal Policy Action UpdateCISA urged federal agencies to patch the affected React2Shell vulnerability by December 12, 2025 and revised the earlier federal remediation deadline after reports of widespread exploitation of CVE-2025-55182, which had also been added to the Known Exploited Vulnerabilities catalog.
Show sources
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41