An unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC) was recently reported with the highest severity (10.0). Amazon threat intelligence teams report active exploitation attempts by multiple China state-nexus threat groups. The critical vulnerability affects React versions 19.0.0 through 19.2.0 and Next.js versions 15.x and 16.x when using App Router. By Bruno Couriol