Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Posted on February 3, 2026

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package.
Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

Leave a Reply Cancel reply

Related Posts

Is Surfshark One Worth It? [Honest ANSWER]

How to Scale Your MSP from a Firm That Grew Revenue 440%

Healthy Security Cultures Thrive on Risk Reporting

Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising Cyber Threats