MeldSecurity
Press Enter to search
CVE Database & Search β†’
Sign In Get Started

CVE-2026-22029

πŸ”΄ HIGH

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from l...

Published
Jan 10, 2026
Last Modified
Jan 10, 2026
Views
2
Bookmarks
0

Description

Request Expert Review

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.

CVSS Scores

CVSS 3.1 8.0
8.0
HIGH
CVSS 2.0 8.0

References

github.com

Additional Information

Source
security-advisories@github.com
State
Received

Related CVEs

CVE-2026-0837

HIGH

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of...

Score: 8.8

CVE-2026-0836

HIGH

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW...

Score: 8.8

CVE-2025-15505

LOW

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The...

Score: 2.4

CVE-2026-0824

LOW

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results...

Score: 3.5

CVE-2026-0822

MEDIUM

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The mani...

Score: 6.3

CVE-2025-13393

MEDIUM

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This...

Score: 4.3

Share CVE-2026-22029

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-22029 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis