1 min read
Vercel Agent now detects vulnerable packages in your project, and automatically generates pull requests with fixes to upgrade them to patched versions.
React2Shell: Auto-fix vulnerable projects here
Vercel Agent detects vulnerable packages in your project, and automatically generates pull requests with verified fixes to upgrade them to patched versions.
Auto-fix React2Shell now
Powered by Vercel's self-driving infrastructure, these auto-fix upgrades are available at no cost and help teams stay secure with minimal manual effort.
Automatic detection of vulnerable React, Next.js, and related RSC packages
Automatic PR creation
Full execution and verification of updates inside isolated Sandbox environments
Preview links generated with PR, to manually validate updates
About React2Shell
React2Shell (CVE-2025-55182) is a critical remote code execution vulnerability in React Server Components that affects React 19 and frameworks that use it like Next.js. Specially crafted requests can trigger unintended code execution if your application is running a vulnerable version. Immediate upgrades are required for all projects using affected React and Next.js releases.
Get the latest updates on React2Shell or view the new dashboard here.
React2Shell: Auto-fix vulnerable projects here
Vercel Agent detects vulnerable packages in your project, and automatically generates pull requests with verified fixes to upgrade them to patched versions.
Auto-fix React2Shell now