Share
## https://sploitus.com/exploit?id=SAINT:7C361ABBA8314CA1AA40F3438C06ECA1
Added: 02/04/2026  


### Background

React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. 

### Problem

A vulnerability in React Native Community CLI when running with the Metro development server could allow remote attackers to execute arbitrary commands via a POST request to the `**open-url**` endpoint. 

### Resolution

Update `**@react-native-community/cli-server-api**` to version 20.0.0 or higher in each react-native project. 

### References

https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability/   


### Platforms

Windows  
Linux