Next.js RCE Vulnerability Research Lab
React Server Components Flight Protocol Deserialization
Unauthenticated Remote Code Execution
Unsafe deserialization of Flight protocol payloads allows prototype pollution
Crafted HTTP requests to Server Function endpoints
Arbitrary code execution with server privileges