React Native Community CLI remote command execution

Added: 02/04/2026

Background

React Native is a framework for building mobile applications in JavaScript. React Native Community CLI is a collection of command-line tools that help developers build React Native mobile applications.

Problem

A vulnerability in React Native Community CLI when running with the Metro development server could allow remote attackers to execute arbitrary commands via a POST request to the open-url endpoint.

Resolution

Update @react-native-community/cli-server-api to version 20.0.0 or higher in each react-native project.
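
One way to check a project against this resolution is shown below. It is an added example, not code from the advisory or from the React Native project. It assumes an npm package-lock.json with lockfileVersion 2 or 3 (a "packages" map keyed by node_modules path), and the sample lockfile and its version numbers are constructed; the function names are hypothetical.

```javascript
// Added example: flag lockfile entries for @react-native-community/cli-server-api
// that are below the fixed version named in the Resolution (20.0.0).
const PKG = "@react-native-community/cli-server-api";
const FIXED = [20, 0, 0];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v));
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// True when the version is 20.0.0 or higher. A prerelease of 20.0.0 sorts
// before 20.0.0 in semver ordering, so it is reported as needing an update.
function isFixed(version) {
  const p = parseVersion(version);
  if (!p) return false; // unparseable: report it rather than assume it is fine
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] > FIXED[i];
  }
  return !p.pre;
}

// lock: a parsed package-lock.json (assumed lockfileVersion 2 or 3).
function findOutdated(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match the top-level copy and copies nested under other dependencies.
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      if (!isFixed(entry.version)) hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one fixed copy, one nested older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@react-native-community/cli-server-api": { version: "20.0.0" },
    "node_modules/some-dep/node_modules/@react-native-community/cli-server-api": { version: "19.1.0" },
    "node_modules/@react-native-community/cli-tools": { version: "18.0.0" },
  },
};

console.log(findOutdated(SAMPLE_LOCK));
```

To use it on a real project, pass the result of JSON.parse on that project's package-lock.json to findOutdated and update every entry it returns.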

References

https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability/

Platforms

Windows
Linux
