Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of attacker-supplied navigation paths, which allows an attacker to craft a malicious path that forces the application to redirect users to an external, potentially malicious URL...

CVE-2025-68470 React Router has unexpected external redirect via untrusted paths

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

CVE-2025-68470

CVE-2025-68470 affects React Router (versions 6.0.0–6.30.1 and 7.0.0–7.9.5). An attacker-supplied path can cause a navigation/redirect to an external URL when navigating via navigate(), Link, or redirect(), if untrusted content is used in navigation paths. The issue is addressed in React Router b...

GHSA-9JCX-V3WJ-WH4M React Router has unexpected external redirect via untrusted paths

An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code...