Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

By rooter February 3, 2026

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package.
Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

By rooter

Leave a Reply Cancel reply

You Missed

Training Brochure 2026

Zach Cregger’s ‘Resident Evil’ Looks Way Different Than We Were Expecting

Tens of Millions From Texas to Maine in the Path of Severe Storms and Possible Tornadoes

Cyber Essentials Checklist

Oh hi there 👋It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

Oh hi there 👋It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

By rooter

Related Post

Leave a Reply Cancel reply

You Missed

Oh hi there 👋
It’s nice to meet you.

Oh hi there 👋
It’s nice to meet you.