React got hacked. It's really, really bad.
Summary
A critical security vulnerability was discovered in React, affecting versions 19 through 19.2, which allows remote code execution through server component flight protocol exploitation. The CVE received a maximum severity score of 10, making it one of the most serious web exploits in recent history, with potential for significant damage to web applications. Major web providers like Cloudflare and Vercel have implemented firewall mitigations, but developers are strongly advised to update to the latest React version to protect against potential attacks. The incident highlights the importance of rapid response and collaboration within the tech industry to mitigate cybersecurity risks.