The React2Shell Story

A late-night code rabbit hole turned into a web-wide scare — and the comments ate it up

TLDR: A researcher chasing a strange web feature uncovered a serious flaw that could affect millions of sites, then worked with major companies to fix it fast. In the comments, people were split between amazement at the speed, praise for the teamwork, and delight at the story’s meme-worthy emotional chaos.

What started as one hacker’s obsession-fueled all-nighter quickly turned into the kind of internet thriller commenters live for: a curious deep dive into a weird React data system ended with a major flaw that reportedly put millions of websites at risk. And honestly? The crowd sounds equal parts impressed, horrified, and deeply entertained. The biggest mood in the replies is basically: how on earth did this happen so fast? One commenter was stunned that the whole thing — discovery, report, and confirmation — happened in under a day, calling it “incredible.” That sense of breathless speed gave the story a real “movie montage” energy.

But the real fan-favorite detail wasn’t even the bug itself — it was the emotional rollercoaster. One reader shouted out the now-iconic “we are so back” vs. “it’s so over” graph, which perfectly captured the chaos of chasing a hidden flaw through undocumented code. That joke became the unofficial meme of the thread: the classic hacker spiral of “This is nothing… wait, no, this is huge… no, maybe not… WAIT.” Even the normally serious security angle got a rare warm-and-fuzzy subplot when Next.js creator Guillermo Rauch praised the researcher as “a dream” to work with, turning what could’ve been a blame game into a surprisingly wholesome team-up with Meta.

And because the internet can never resist a tiny nitpick, one commenter popped in with the most delightfully nerdy coda possible: great post, wrong file link. A world-scale scare, a dramatic rescue, and yes — someone still checked the hyperlink.

Key Points

  • The article says a researcher’s attempt to understand React’s Flight protocol led to the discovery of React2Shell, described as a critical vulnerability affecting millions of websites.
  • The investigation began on 24 November 2025 while the author was examining unusual request formats used by Next.js applications with React server-side features.
  • Next.js is described as using React Server Components and React Server Functions to enable server rendering and server-side JavaScript invocation from client interactions.
  • The article states that Flight had little formal documentation at the time, making it difficult even to identify the protocol by name.
  • Flight is explained as a JSON-based but extended protocol that supports chunked messages, complex data types, references, and asynchronous values such as Promises.

Hottest takes

“we are so back” vs. “it’s so over” — keyle
“a dream of a security researcher to partner with” — Rauchg
“in around 17 hours… Incredible” — sam1r