Threat actors have been observed exploiting a critical
security flaw impacting the Metro Development Server in the popular
"@react-native-community/cli" npm package. Cybersecurity company
VulnCheck said it first observed exploitation of CVE-2025-11953
(aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8,
the vulnerability allows remote unauthenticated attackers to
execute arbitrary
Read more https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html
