# Mitigating React Server Component CVE

> Security deep dive - protecting MCP apps from React Server Component vulnerabilities

On December 3, 2025, Meta disclosed [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182) — a critical unauthenticated remote code execution vulnerability in React Server Components, commonly known as **React2Shell**. It's rated CVSS 10.0, the highest severity possible. An attacker can craft malicious HTTP requests to any Server Function endpoint that, when deserialized by React, achieves remote code execution on the server.

Within hours of disclosure, China-nexus threat groups including Earth Lamia and Jackpot Panda were actively exploiting this vulnerability in the wild. CISA added it to their Known Exploited Vulnerabilities list on December 5, 2025.

***

## Are MCPs Affected?

**Most MCPs are not affected.** Here's why:

The React2Shell vulnerability targets React Server Components (RSC) — a frontend technology. Traditional MCP servers are backend services that expose tools, resources, and prompts over the MCP protocol. They don't run React, don't use RSC, and don't have the vulnerable packages installed.

If your MCP is a standard tool server built with LeanMCP, the official MCP SDK, or any backend-only framework — you're safe. No action required.

***

## When MCPs Are Affected

MCPs become vulnerable when they include a **frontend component** that uses React Server Components. This specifically applies to:

* **MCP-UI implementations** — if you're rendering interactive UI components using Next.js App Router
* **MCP Apps** — the new extension for interactive user interfaces in MCP, especially if built with Next.js
* **ChatGPT Apps built with Next.js** — as described in the [Vercel blog on running Next.js inside ChatGPT](https://vercel.com/blog/running-next-js-inside-chatgpt)

If your MCP uses Next.js 15.x, 16.x, or Next.js 14.3.0-canary.77+ with React Server Components — you need to patch immediately.

### Affected Packages

The vulnerability exists in these React packages:

* `react-server-dom-webpack`
* `react-server-dom-parcel`
* `react-server-dom-turbopack`

And these frameworks that depend on them:

* **Next.js** (15.x, 16.x, 14.3.0-canary.77+)
* **React Router** (unstable RSC APIs)
* **Waku**
* **Expo** (RSC features)
* **@vitejs/plugin-rsc**

***

## How to Check If You're Vulnerable

Run an audit on your project:

```bash theme={null}
npm audit
```

Or check your dependencies directly:

```bash theme={null}
npm ls react-server-dom-webpack react-server-dom-parcel react-server-dom-turbopack
```

If you see any of these packages in versions 19.0, 19.1.0, 19.1.1, or 19.2.0 — you're vulnerable. Note that `npm ls` only reports copies installed under `node_modules`; if your framework bundles its own copy of these packages, compare the framework version against the patch table below instead.

For Next.js projects, Vercel provides an interactive fix tool:

```bash theme={null}
npx fix-react2shell-next
```

This checks your versions and performs the necessary upgrades automatically.

***

## How to Patch

### Next.js

Upgrade to the patched version for your release line:

```bash theme={null}
npm install next@15.0.5   # for 15.0.x
npm install next@15.1.9   # for 15.1.x
npm install next@15.2.6   # for 15.2.x
npm install next@15.3.6   # for 15.3.x
npm install next@15.4.8   # for 15.4.x
npm install next@15.5.7   # for 15.5.x
npm install next@16.0.7   # for 16.0.x
```

If you're on Next.js 14.3.0-canary.77 or later canary releases, downgrade to stable 14.x:

```bash theme={null}
npm install next@14
```

### React Router (unstable RSC APIs)

```bash theme={null}
npm install react@latest react-dom@latest react-server-dom-parcel@latest react-server-dom-webpack@latest @vitejs/plugin-rsc@latest
```

### Other Frameworks

```bash theme={null}
# Waku
npm install react@latest react-dom@latest react-server-dom-webpack@latest waku@latest

# Vite RSC plugin
npm install react@latest react-dom@latest @vitejs/plugin-rsc@latest

# Direct RSC packages
npm install react@latest react-dom@latest react-server-dom-webpack@latest
```
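
As an added example (not LeanMCP's code or the React project's), the following Node.js script walks `npm ls --json` output for the vulnerable `react-server-dom-*` versions listed under "How to Check If You're Vulnerable" and maps an installed Next.js version to the patched release from the table above. It assumes the page's "19.0" means 19.0.0 and uses a constructed dependency tree with a hypothetical `ui-widgets` package.

```javascript
// Added example, not LeanMCP's code: flag vulnerable react-server-dom-* versions in
// `npm ls --json` output and map a Next.js version to the patched release line.
const RSC_PACKAGES = ["react-server-dom-webpack", "react-server-dom-parcel", "react-server-dom-turbopack"];
// Vulnerable versions as listed on this page; "19.0" is read as 19.0.0 (assumption).
const VULNERABLE_RSC = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);
// Patched Next.js release per release line, from the "How to Patch" section.
const NEXT_PATCHED = { "15.0": "15.0.5", "15.1": "15.1.9", "15.2": "15.2.6",
  "15.3": "15.3.6", "15.4": "15.4.8", "15.5": "15.5.7", "16.0": "16.0.7" };

// Walk the nested `dependencies` objects of `npm ls --json` and return every
// vulnerable react-server-dom-* occurrence together with its dependency path.
function findVulnerableRsc(tree, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (RSC_PACKAGES.includes(name) && VULNERABLE_RSC.has(info.version)) {
      hits.push({ name, version: info.version, path: here.join(" > ") });
    }
    hits.push(...findVulnerableRsc(info, here));   // transitive dependencies too
  }
  return hits;
}

// Numeric comparison of two "x.y.z" strings: negative, zero or positive.
function cmpSemver(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Version to install for a given Next.js version, or null when no action is
// needed. 14.3.0-canary.77 and later canaries map to the stable "14" downgrade.
function nextUpgradeTarget(version) {
  const m = version.match(/^(\d+)\.(\d+)\.(\d+)(?:-canary\.(\d+))?$/);
  if (!m) return null;                         // unparseable: leave to a human
  const [, major, minor, patch, canary] = m;
  const base = `${major}.${minor}.${patch}`;
  if (canary !== undefined) return base === "14.3.0" && Number(canary) >= 77 ? "14" : null;
  const patched = NEXT_PATCHED[`${major}.${minor}`];
  return patched && cmpSemver(base, patched) < 0 ? patched : null;
}

// Constructed sample of `npm ls --json` output; "ui-widgets" is a hypothetical
// library that pulls in a vulnerable RSC package transitively.
const SAMPLE_TREE = { name: "mcp-app", version: "1.0.0", dependencies: {
  next: { version: "15.5.2" },
  "ui-widgets": { version: "2.1.0", dependencies: {
    "react-server-dom-webpack": { version: "19.1.1" } } },
} };

// prints one hit (ui-widgets > react-server-dom-webpack 19.1.1) and "15.5.7"
console.log(findVulnerableRsc(SAMPLE_TREE), nextUpgradeTarget(SAMPLE_TREE.dependencies.next.version));
```

Feed it real output with `npm ls --all --json` and check both the returned hits and the Next.js target before running the install commands above.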

### After Patching

Rotate any environment variables or secrets that the application process could read if you ran a vulnerable version in production. Because the flaw is unauthenticated remote code execution, treat any internet-facing server that ran a vulnerable version as potentially compromised and review its request logs to Server Function endpoints for the period since disclosure.

***

## Summary

| MCP Type                                 | Affected? | Action Required   |
| ---------------------------------------- | --------- | ----------------- |
| Standard tool servers (LeanMCP, MCP SDK) | No        | None              |
| Backend-only MCPs                        | No        | None              |
| MCP-UI with Next.js App Router           | Yes       | Patch immediately |
| MCP Apps with Next.js                    | Yes       | Patch immediately |
| ChatGPT Apps with Next.js                | Yes       | Patch immediately |

<Warning>
  There is no workaround for this vulnerability. Upgrading to a patched version is the only fix.
</Warning>

## References

* [CVE-2025-55182 (React)](https://www.cve.org/CVERecord?id=CVE-2025-55182)
* [CVE-2025-66478 (Next.js)](https://nextjs.org/blog/CVE-2025-66478)
* [React Security Advisory](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components)
* [Vercel: Running Next.js inside ChatGPT](https://vercel.com/blog/running-next-js-inside-chatgpt)

<CardGroup cols={2}>
  <Card title="MCP Apps Guide" icon="window" href="/guides/mcp-apps">
    Building interactive UIs
  </Card>

  <Card title="LeanMCP Security" icon="shield" href="/guides/auth-and-payment">
    Authentication best practices
  </Card>
</CardGroup>
