Could you please check whether the React version used by Shopify is affected by the vulnerability CVE-2025-55182 (React2Shell)?

user279 · December 15, 2025, 2:07pm

Dylan · December 15, 2025, 3:36pm

To clarify, React2Shell affected React Server Components, not client side React.

Components like React Polaris would be unaffected, that is a clientside library.

If you’re using the Remix template to host your app, then you’ll need to check for the React server DOM package and make sure it’s patched.

Topic		Replies	Views
What’s the best tech stack to handle forms and validation in a Shopify app in 2025? Polaris	2	106	September 10, 2025
Shopify-app-template-remix still NOT using web components Polaris	2	120	October 8, 2025
Shopify MCP Sample Error (React-Router) MCP & LLM	2	24	January 5, 2026
Is Polaris Web Components mandatory for Shopify apps? Can I use TailwindCSS and Other Libraries in a React Router app? Dev Platform dev-stores , dev-dashboard , app-deployment	2	56	December 5, 2025
How to debug React/Polaris app in admin App Bridge app-bridge , polaris	9	144	February 24, 2025