Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/13 10:46 p.m.6 views

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/12 8:26 a.m.3 views

Cross-site Request Forgery

React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...

6.5CVSS6.7AI score0.00128EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/01/10 2:42 a.m.25 views

CVE-2026-22030

CVE-2026-22030 affects React Router in combination with Remix v2 server runtime in Framework Mode or with React Server Actions (RSC). The vulnerability allows CSRF on document POST requests to UI routes when using server-side route actions, with no impact in Declarative Mode () or Data Mode (crea...

6.5CVSS6.5AI score0.00128EPSS
Exploits0References1Affected Software2
Github Security Blog
Github Security Blog
added 2026/01/08 8:57 p.m.10 views

React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder