Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA emergency patch deadline for React2Shell

Public Sector Action
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

CISA urged federal agencies to patch React2Shell by December 12, 2025, tightening the remediation window while widespread exploitation is underway. The directive matters because the flaw enables privileged JavaScript execution on affected servers and has already been added to the Known Exploited Vulnerabilities catalog. The action turns an active vulnerability into an immediate federal remediation priority.

Related Happenings

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

NGINX and Apache HTTPD HTTP/2 Bomb mitigations

Advisory/Mitigation
H score46 First: 03.06.2026 11:33 Last: 03.06.2026 11:33 Sources 1

About this happening: Calif issued mitigation guidance for **NGINX** and **Apache HTTPD** operators after **HTTP/2 Bomb** was found to enable a **remote denial-of-service** against default HTTP/2 confi...

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
H score59 First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
H score33 First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
H score37 First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

Timeline

  1. 12.12.2025 10:41 1 articles · 6mo ago

    React2Shell is publicly disclosed

    Initial Disclosure

    CVE-2025-55182, also known as React2Shell, was publicly disclosed on December 3, 2025 as a critical React Server Components (RSC) Flight protocol flaw with a CVSS score of 10.0, and it was identified as affecting React and related frameworks including Next.js, Waku, Vite, React Router, and RedwoodSDK.

    Show sources
  2. 12.12.2025 10:41 1 articles · 6mo ago

    Kaspersky records mass exploitation attempts

    Exploitation Observed

    Kaspersky honeypot data recorded over 35,000 exploitation attempts on December 10, 2025, with attackers first probing the system by running commands like whoami before dropping cryptocurrency miners or botnet malware families such as Mirai/Gafgyt variants and RondoDox.

    Show sources
  3. 12.12.2025 10:41 1 articles · 6mo ago

    Cloudflare, Wiz, and Shadowserver map broad exposure

    Campaign Scope Update

    Cloudflare, Wiz, and The Shadowserver Foundation reported broad scanning and opportunistic exploitation against React and Next.js systems, with more than 137,200 internet-exposed IP addresses running vulnerable code as of December 11, 2025 and especially dense probing in Taiwan, Xinjiang Uyghur, Vietnam, Japan, and New Zealand, alongside selective targeting of government, academic, and critical-infrastructure operators.

    Show sources
  4. 12.12.2025 10:41 2 articles · 6mo ago

    CISA accelerates federal patching deadline

    Legal Policy Action Update

    CISA urged federal agencies to patch the affected React2Shell vulnerability by December 12, 2025 and revised the earlier federal remediation deadline after reports of widespread exploitation of CVE-2025-55182, which had also been added to the Known Exploited Vulnerabilities catalog.

    Show sources