My startup — cybersecurity intelligence & big data with the world's largest fraud database
← Back to Blog
4 min read
December 12, 2025

RCE Vulnerability Found in BeValk - React2Shell

A critical Remote Code Execution vulnerability was discovered in BeValk due to its use of React 19, allowing attackers to escape Docker containers and escalate privileges.

RCE Vulnerability Found in BeValk - React2Shell
CybersecurityReports

Executive Summary

During a routine security scan with Dymo, our automated vulnerability assessment platform detected a critical Remote Code Execution (RCE) vulnerability in BeValk, a web application running React 19.

The vulnerability, known as React2Shell, leverages specific techniques in React 19's new rendering model to escape the application's sandbox and potentially compromise the underlying server infrastructure.

Technical Details

Affected System

  • Target: BeValk Web Application
  • Framework: React 19
  • Environment: Docker container

Vulnerability Classification

  • Severity: Critical
  • CVSS Score: 9.8 (Critical)
  • Type: Remote Code Execution

Attack Vector

The vulnerability exploits how React 19 handles certain component patterns that were previously safe. Attackers can:

  1. Craft malicious payloads through specific component structures
  2. Leverage unpatched React 19 features to inject arbitrary code
  3. Escape the Docker container sandbox
  4. Gain access to host system resources

Impact

This vulnerability poses a severe risk because:

  • Remote Execution: Attackers can execute arbitrary code remotely
  • Container Escape: The sandbox isolation is bypassed
  • Lateral Movement: Once inside the host, attackers can move to other containers
  • Data Exposure: Sensitive data within the application and container environment is accessible

Remediation

The following steps are recommended:

  1. Immediate: Downgrade to a stable React 18 version until React 19 patches are available
  2. Short-term: Implement strict Content Security Policy (CSP) headers
  3. Long-term: Monitor React security advisories and apply patches promptly
  4. Container Hardening: Review Docker configurations and implement least-privilege principles

Timeline

  • Discovery: Identified through Dymo's automated security scanning
  • Report Date: [Date of discovery]
  • Status: Reported to affected vendor

Conclusion

This case highlights the risks of adopting bleeding-edge frameworks without proper security review. Our scanner detected this vulnerability automatically, demonstrating the importance of continuous security monitoring.

All findings have been responsibly disclosed to the affected organization.


This vulnerability was discovered during automated security scans performed by Dymo, our cybersecurity startup focused on continuous vulnerability assessment.

Author

Check my portfolio

Learn more about my work and projects!

Posts in:
CybersecurityReports
Version 2.4.7 — All rights reserved © Creative Commons Attribution - All Rights Reserves: CC BY-NC-ND 4.0 | TPEOficial LLC.