窓の杜

「React」「Next.js」に重大なリモートコード実行の脆弱性、CVSSの基本 ...

UIライブラリ「React」(React.js)および「Next.js」で、認証なしにリモートコード実行が可能になる重大なセキュリティ脆弱性「CVE-2025-55182」が存在することが明らかになった。この脆弱性は「React2Shell」とも呼ばれており、CVSSの基本値は満点の「10.0」。
InfoWorld

Next.js 16 features explicit caching, AI-powered debugging

Vercel’s React framework for building full-stack web applications gets an upgrade in Next.js 16, with more explicit caching and AI-based debugging, among other features. Announced October 21, Next.js ...
TechRadar

Critical security flaw in Next.js could spell big trouble for JavaScript users

Experts have warned there is a critical severity flaw in the Next.js open source web development framework which allows threat actors to bypass authorization checks. Security researcher Rachid.A from ...
Infosecurity-magazine.com

NCSC Urges Users to Patch Next.js Flaw Immediately

The UK’s leading cybersecurity agency has urged users of a popular open source web development framework to patch a critical vulnerability immediately. The National Cyber Security Centre (NCSC) warned ...