On December 3, 2025, Meta disclosed CVE-2025-55182 — a critical unauthenticated remote code execution vulnerability in React Server Components, commonly known as React2Shell. It’s rated CVSS 10.0, the highest severity possible. An attacker can craft malicious HTTP requests to any Server Function endpoint that, when deserialized by React, achieves remote code execution on the server. Within hours of disclosure, China-nexus threat groups including Earth Lamia and Jackpot Panda were actively exploiting this vulnerability in the wild. CISA added it to their Known Exploited Vulnerabilities list on December 5, 2025.

Are MCPs Affected?

Most MCPs are not affected. Here’s why: The React2Shell vulnerability targets React Server Components (RSC) — a frontend technology. Traditional MCP servers are backend services that expose tools, resources, and prompts over the MCP protocol. They don’t run React, don’t use RSC, and don’t have the vulnerable packages installed. If your MCP is a standard tool server built with LeanMCP, the official MCP SDK, or any backend-only framework — you’re safe. No action required.

When MCPs Are Affected

MCPs become vulnerable when they include a frontend component that uses React Server Components. This specifically applies to:
  • MCP-UI implementations — if you’re rendering interactive UI components using Next.js App Router
  • MCP Apps — the new extension for interactive user interfaces in MCP, especially if built with Next.js
  • ChatGPT Apps built with Next.js — as described in the Vercel blog on running Next.js inside ChatGPT
If your MCP uses Next.js 15.x, 16.x, or Next.js 14.3.0-canary.77+ with React Server Components — you need to patch immediately.

Affected Packages

The vulnerability exists in these React packages:
  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack
And these frameworks that depend on them:
  • Next.js (15.x, 16.x, 14.3.0-canary.77+)
  • React Router (unstable RSC APIs)
  • Waku
  • Expo (RSC features)
  • @vitejs/plugin-rsc

How to Check If You’re Vulnerable

Run an audit on your project:
npm audit
Or check your dependencies directly:
npm ls react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack
If you see any of these packages in versions 19.0, 19.1.0, 19.1.1, or 19.2.0 — you’re vulnerable. For Next.js projects, Vercel provides an interactive fix tool:
npx fix-react2shell-next
This checks your versions and performs the necessary upgrades automatically.
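For teams that want a reproducible check in CI rather than reading `npm ls` output by hand, the following added example (not code from the original post or from any of the projects it names) scans a parsed package-lock.json for the three react-server-dom packages in the versions listed above, including copies that npm has nested under another package such as next, which a casual look at the top-level node_modules would miss. The sample lockfile is constructed; the page writes "19.0", which this example assumes means 19.0.0.

```javascript
// Added example: scan a parsed package-lock.json (lockfileVersion 2/3 "packages"
// map) for vulnerable react-server-dom-* installs, nested copies included.

// Packages the advisory names as carrying the bug.
const RSC_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// Versions the advisory lists as vulnerable ("19.0" assumed to mean 19.0.0).
const VULNERABLE_VERSIONS = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);

// Lockfile keys look like "node_modules/foo" or, for a copy npm could not
// hoist, "node_modules/next/node_modules/react-server-dom-webpack". The
// package name is everything after the last "node_modules/" (scopes included).
function packageNameFromKey(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? null : key.slice(idx + "node_modules/".length);
}

// Returns one finding per vulnerable install: { path, name, version, nested }.
function findVulnerableRsc(lock) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromKey(key);
    if (!name || !RSC_PACKAGES.has(name)) continue;
    if (!VULNERABLE_VERSIONS.has(meta.version)) continue;
    findings.push({
      path: key,
      name,
      version: meta.version,
      // A nested copy sits under another package; `npm ls` shows it indented
      // beneath its parent, and it has to be upgraded along with the parent.
      nested: key.indexOf("node_modules/") !== key.lastIndexOf("node_modules/"),
    });
  }
  return findings;
}

// Constructed sample: a top-level webpack flavour outside the vulnerable set,
// a vulnerable copy nested under next, and a vulnerable top-level parcel flavour.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-mcp-ui", version: "1.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.1" },
    "node_modules/next/node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/react-server-dom-parcel": { version: "19.1.1" },
  },
};

for (const f of findVulnerableRsc(SAMPLE_LOCK)) {
  console.log(`${f.nested ? "NESTED " : ""}${f.name}@${f.version} at ${f.path}`);
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and fail the build when the returned array is non-empty.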

How to Patch

Next.js

Upgrade to the patched version for your release line:
npm install [email protected]   # for 15.0.x
npm install [email protected]   # for 15.1.x
npm install [email protected]   # for 15.2.x
npm install [email protected]   # for 15.3.x
npm install [email protected]   # for 15.4.x
npm install [email protected]   # for 15.5.x
npm install [email protected]   # for 16.0.x
If you’re on Next.js 14.3.0-canary.77 or later canary releases, downgrade to stable 14.x:
npm install next@14

React Router (unstable RSC APIs)

npm install react@latest react-dom@latest react-server-dom-parcel@latest react-server-dom-webpack@latest @vitejs/plugin-rsc@latest

Other Frameworks

# Waku
npm install react@latest react-dom@latest react-server-dom-webpack@latest waku@latest

# Vite RSC plugin
npm install react@latest react-dom@latest @vitejs/plugin-rsc@latest

# Direct RSC packages
npm install react@latest react-dom@latest react-server-dom-webpack@latest

After Patching

Rotate any environment variables or secrets that may have been exposed if you were running a vulnerable version in production.

Summary

| MCP Type | Affected? | Action Required |
| --- | --- | --- |
| Standard tool servers (LeanMCP, MCP SDK) | No | None |
| Backend-only MCPs | No | None |
| MCP-UI with Next.js App Router | Yes | Patch immediately |
| MCP Apps with Next.js | Yes | Patch immediately |
| ChatGPT Apps with Next.js | Yes | Patch immediately |
There is no workaround for this vulnerability. Upgrading to a patched version is the only fix.