Vercel现已提供React2Shell漏洞自动化补丁

Vercel Agent now detects vulnerable packages in your project, and automatically generates pull requests with fixes to upgrade them to patched versions.

Powered by Vercel's self-driving infrastructure, these auto-fix upgrades are available at no cost and help teams stay secure with minimal manual effort.

Automatic detection of vulnerable React, Next.js, and related RSC packages
Automatic PR creation
Full execution and verification of updates inside isolated Sandbox environments
Preview links generated with PR, to manually validate updates

About React2Shell React2Shell (CVE-2025-55182) is a critical remote code execution vulnerability in React Server Components that affects React 19 and frameworks that use it like Next.js. Specially crafted requests can trigger unintended code execution if your application is running a vulnerable version. Immediate upgrades are required for all projects using affected React and Next.js releases.

Get the latest updates on React2Shell or view the new dashboard here.