Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.leanmcp.com/llms.txt

Use this file to discover all available pages before exploring further.

On December 3, 2025, Meta disclosed CVE-2025-55182 — a critical unauthenticated remote code execution vulnerability in React Server Components, commonly known as React2Shell. It’s rated CVSS 10.0, the highest severity possible. An attacker can craft malicious HTTP requests to any Server Function endpoint that, when deserialized by React, achieves remote code execution on the server. Within hours of disclosure, China-nexus threat groups including Earth Lamia and Jackpot Panda were actively exploiting this vulnerability in the wild. CISA added it to their Known Exploited Vulnerabilities list on December 5, 2025.

Are MCPs Affected?

Most MCPs are not affected. Here’s why: The React2Shell vulnerability targets React Server Components (RSC) — a frontend technology. Traditional MCP servers are backend services that expose tools, resources, and prompts over the MCP protocol. They don’t run React, don’t use RSC, and don’t have the vulnerable packages installed. If your MCP is a standard tool server built with LeanMCP, the official MCP SDK, or any backend-only framework — you’re safe. No action required.

When MCPs Are Affected

MCPs become vulnerable when they include a frontend component that uses React Server Components. This specifically applies to:
  • MCP-UI implementations — if you’re rendering interactive UI components using Next.js App Router
  • MCP Apps — the new extension for interactive user interfaces in MCP, especially if built with Next.js
  • ChatGPT Apps built with Next.js — as described in the Vercel blog on running Next.js inside ChatGPT
If your MCP uses Next.js 15.x, 16.x, or Next.js 14.3.0-canary.77+ with React Server Components — you need to patch immediately.

Affected Packages

The vulnerability exists in these React packages:
  • react-server-dom-webpack
  • react-server-dom-parcel
  • react-server-dom-turbopack
And these frameworks that depend on them:
  • Next.js (15.x, 16.x, 14.3.0-canary.77+)
  • React Router (unstable RSC APIs)
  • Waku
  • Expo (RSC features)
  • @vitejs/plugin-rsc

How to Check If You’re Vulnerable

Run an audit on your project: 
npm audit
Or check your dependencies directly: 
npm ls react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack
If you see any of these packages in versions 19.0, 19.1.0, 19.1.1, or 19.2.0 — you’re vulnerable. For Next.js projects, Vercel provides an interactive fix tool: 
npx fix-react2shell-next
This checks your versions and performs the necessary upgrades automatically.

How to Patch

Next.js

Upgrade to the patched version for your release line: 
npm install next@15.0.5   # for 15.0.x
npm install next@15.1.9   # for 15.1.x
npm install next@15.2.6   # for 15.2.x
npm install next@15.3.6   # for 15.3.x
npm install next@15.4.8   # for 15.4.x
npm install next@15.5.7   # for 15.5.x
npm install next@16.0.7   # for 16.0.x
If you’re on Next.js 14.3.0-canary.77 or later canary releases, downgrade to stable 14.x: 
npm install next@14

React Router (unstable RSC APIs)

npm install react@latest react-dom@latest react-server-dom-parcel@latest react-server-dom-webpack@latest @vitejs/plugin-rsc@latest

Other Frameworks

# Waku
npm install react@latest react-dom@latest react-server-dom-webpack@latest waku@latest

# Vite RSC plugin
npm install react@latest react-dom@latest @vitejs/plugin-rsc@latest

# Direct RSC packages
npm install react@latest react-dom@latest react-server-dom-webpack@latest

After Patching

Rotate any environment variables or secrets that may have been exposed if you were running a vulnerable version in production.

Summary

MCP TypeAffected?Action Required
Standard tool servers (LeanMCP, MCP SDK)NoNone
Backend-only MCPsNoNone
MCP-UI with Next.js App RouterYesPatch immediately
MCP Apps with Next.jsYesPatch immediately
ChatGPT Apps with Next.jsYesPatch immediately
There is no workaround for this vulnerability. Upgrading to a patched version is the only fix.

References

MCP Apps Guide

Building interactive UIs

LeanMCP Security

Authentication best practices