325 matches found
CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
SUSE CVE-2026-21884
React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...
SUSE CVE-2026-22029
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...
SUSE CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
Linux Distros Unpatched Vulnerability : CVE-2026-22030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is...
Linux Distros Unpatched Vulnerability : CVE-2025-68470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker- supplied path can be crafted so that when a React...
CVE-2025-61686
A security issue was discovered in the react-router/node component of React Router. It is possible for an attacker manipulate an unsigned cookie to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the...
Cross-site Scripting (XSS)
React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...
Path Traversal
React Router is vulnerable to Path Traversal. The vulnerability is due to the use of createFileSessionStorage with an unsigned cookie, which allows an attacker to manipulate session identifiers to attempt read/write operations outside the intended session file directory, potentially accessing...
Open Redirect
React Router is vulnerable to Open Redirect. The vulnerability is due to unsafe handling of SPA navigation redirects generated from loaders or actions in certain modes, which allows an attacker to inject untrusted redirect URLs and trigger unintended JavaScript execution on the client...
Cross-site Request Forgery
React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...
Linux Distros Unpatched Vulnerability : CVE-2025-59057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exist...
Linux Distros Unpatched Vulnerability : CVE-2026-22029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...
PT-2026-2346
Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...
CVE-2025-59057
React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...
CVE-2025-68470
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...
CVE-2026-22029
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...
CVE-2026-22030
CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...