🌐 Frontend & Web

[RCE Vulnerability] React Server Functions/Next.js Exploited – Deno Deploy Safe

A researcher cracks open React's Server Functions, unleashing remote code execution on Next.js apps. Deno Deploy dodged the bullet with instant mitigations – but Vercel users? Patch fast.

Dev Digest Apr 14, 2026 4 min read
Code terminal displaying React Server Functions RCE exploit warning with Deno Deploy shield icon

⚡ Key Takeaways

  • Critical RCE (CVE-2025-55182) and DoS (CVE-2025-55184) hit React Server Functions and Next.js App Router. 𝕏
  • Deno Deploy auto-mitigated at runtime; other hosts must patch libraries urgently. 𝕏
  • Vulnerability stems from lax RSC serialization; upgrade to fixed versions now. 𝕏
Jordan Kim
Written by

Jordan Kim

Cloud and infrastructure correspondent. Covers Kubernetes, DevOps tooling, and platform engineering.

#Deno Deploy #nextjs-vulnerability #rce-cve #react-19 #react-server-functions
More in Frontend & Web →

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by Deno Blog

Related Stories

📬

Stay in the loop

The week's most important stories from Dev Digest, delivered once a week.

No spam. Unsubscribe any time.