Cloudflare WAF proactively protects against React vulnerability

**Critical RCE in React/Next.js (CVE-2025-55182)** — Cloudflare announced protections against a Remote Code Execution vulnerability impacting React 19.0–19.2 and Next.js 15–16 (CVSS 10.0). Cloudflare deployed Managed Rules (IDs: 33aa8a8a948b48b28d40450c5fb92fba and 2b5d06e34a814a889bee9a0699702280) with a default Block action across free and paid plans for traffic proxied through the WAF, advised upgrading to React 19.2.1 and Next.js 16.0.7/15.5.7/15.4.8, and reported no observed exploitation since deployment.