CISA emergency patch deadline for React2Shell
Public Sector Action
Summary
CISA urged federal agencies to patch React2Shell by December 12, 2025, tightening the remediation window while widespread exploitation is underway. The directive matters because the flaw enables privileged JavaScript execution on affected servers and has already been added to the Known Exploited Vulnerabilities catalog. The action turns an active vulnerability into an immediate federal remediation priority.
Related Happenings
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV action for CVE-2026-31431 and FCEB remediation
Public Sector Action
First: 03.05.2026 09:26
Last: 03.05.2026 09:26
Sources 1
About this happening:
CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...
CISA KEV listing and FCEB ActiveMQ patch order
Public Sector Action
First: 17.04.2026 12:30
Last: 17.04.2026 12:30
Sources 1
About this happening:
**CISA** added **CVE-2026-34197** to the **KEV Catalog** and ordered **FCEB** agencies to patch **Apache ActiveMQ** servers within **two weeks**. The directive sets a hard **April...
CISA adds CVE-2026-33634 to KEV and orders FCEB mitigations
Public Sector Action
First: 13.04.2026 09:50
Last: 13.04.2026 09:50
Sources 1
About this happening:
**CISA** added **CVE-2026-33634** to its **Known Exploited Vulnerabilities (KEV) catalog**, requiring **Federal Civilian Executive Branch (FCEB)** agencies to apply mitigations by...
Timeline
- 12.12.2025 10:41 · 1 article · 5mo ago
React2Shell is publicly disclosed
Initial Disclosure: CVE-2025-55182, also known as React2Shell, was publicly disclosed on December 3, 2025 as a critical React Server Components (RSC) Flight protocol flaw with a CVSS score of 10.0, and it was identified as affecting React and related frameworks including Next.js, Waku, Vite, React Router, and RedwoodSDK.
Sources:
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
- 12.12.2025 10:41 · 1 article · 5mo ago
Kaspersky records mass exploitation attempts
Exploitation Observed: Kaspersky honeypot data recorded over 35,000 exploitation attempts on December 10, 2025, with attackers first probing the system by running commands like whoami before dropping cryptocurrency miners or botnet malware families such as Mirai/Gafgyt variants and RondoDox.
Sources:
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
- 12.12.2025 10:41 · 1 article · 5mo ago
Cloudflare, Wiz, and Shadowserver map broad exposure
Campaign Scope Update: Cloudflare, Wiz, and The Shadowserver Foundation reported broad scanning and opportunistic exploitation against React and Next.js systems, with more than 137,200 internet-exposed IP addresses running vulnerable code as of December 11, 2025 and especially dense probing in Taiwan, Xinjiang Uyghur, Vietnam, Japan, and New Zealand, alongside selective targeting of government, academic, and critical-infrastructure operators.
Sources:
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
- 12.12.2025 10:41 · 2 articles · 5mo ago
CISA accelerates federal patching deadline
Legal Policy Action Update: CISA urged federal agencies to patch the React2Shell vulnerability by December 12, 2025, revising the earlier federal remediation deadline after reports of widespread exploitation of CVE-2025-55182, which had also been added to the Known Exploited Vulnerabilities catalog.
Sources:
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41
- React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation — thehackernews.com — 12.12.2025 10:41