
    Critical Command Injection Vulnerability Discovered in React Native

    Tuesday, February 3, 2026

    On February 3, 2026, a critical command injection vulnerability (CVE-2025-11953) was identified in the React Native Community CLI's Metro Development Server. The flaw allows unauthenticated remote attackers to execute arbitrary code on developer machines and carries a CVSS score of 9.8. It is reportedly being actively exploited, so developers should patch their systems immediately. Organizations using React Native are urged to prioritize this fix to safeguard their environments against potential attacks.

    In a related incident, a significant misconfiguration in Moltbook, a social media platform for AI agents, exposed the platform's entire production database. The exposure compromised 1.5 million API authentication tokens and other sensitive information. The incident has not been assigned an official CVE. It underscores vulnerabilities inherent in AI frameworks and warrants a reassessment of security measures on such platforms.

    Also In Security Today

    • CISA Warning on VMware ESXi Vulnerability: CISA has issued a warning regarding a high-severity VM escape vulnerability (CVE-2025-22225) in VMware ESXi. This flaw allows ransomware groups to gain hypervisor control, posing a significant risk for affected organizations. Immediate patching is advised.
    • General Cyber Threat Landscape: The cybersecurity landscape remains precarious, with ongoing exploits of software vulnerabilities and misconfigurations across various sectors. Organizations must enhance their security postures through regular patching and proactive measures.
    • Moltbook Database Exposure: The misconfiguration of the Moltbook platform has led to the exposure of sensitive data, including 1.5 million API tokens. This incident highlights critical vulnerabilities in AI systems, necessitating improved security protocols.

    Analyst's Take

    Today's significant vulnerabilities reinforce the ongoing war between defenders and attackers in the cybersecurity landscape. The React Native command injection vulnerability, with its high CVSS score, signals an urgent need for developers to implement robust security measures. Organizations must prioritize vulnerability management, conduct routine security audits, and ensure timely patching of critical software to protect against emerging threats. The Moltbook incident serves as a reminder that misconfigurations can lead to severe data breaches, urging a reevaluation of security configurations across platforms.
