4 matches found
CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
Cross-site Request Forgery
React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...
CVE-2026-22030
CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...
React Router has CSRF issue in Action/Server Action Request Processing
React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...