EUVD-2026-33994

React Router vulnerable to Denial of Service via reflected user input in single-fetch...

GHSA-8646-J5J9-6R62 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

PT-2026-45828

Name of the Vulnerable Software and Affected Versions React Router versions 7.7.0 through 7.13.1 React Router versions prior to 7.14.0 Remix versions 2.9.0 and later Description Two distinct issues were identified. First, a client-side Cross-Site Scripting XSS flaw exists in the handling of...

react-router 安全漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions 7.7.0 to 7.13.1 of react-router contain security vulnerabilities. These vulnerabilities stem from improper redirection handling when using the unstable RSC API, which may lead to cross-site scripting attacks ...