CVE-2026-34077
A flaw was found in React Router versions 7.7.0 through 7.13.1. When using the unstable React Server Components RSC APIs, insufficient sanitization of redirect targets allows client-side cross-site scripting if redirects originate from untrusted sources. An attacker could inject script that...