

React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open…
Published: 9 January 2026 at 23:00:00
Alert date: 10 January 2026 at 13:10:58
Source: nvd.nist.gov
@remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0 contain an open redirect vulnerability in SPA navigation. The vulnerability affects Framework Mode, Data Mode, and unstable RSC modes, allowing unsafe URLs to cause unintended JavaScript execution on the client. The issue only occurs when creating redirect paths from untrusted content or via open redirects. Declarative Mode using BrowserRouter is not affected. Patches are available in @remix-run/router version 1.23.2 and react-router version 7.12.0.
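One defensive check for the condition described above (redirect paths built from untrusted content), as an added example that is not from the advisory or the React Router project: it accepts only same-origin absolute paths and returns a fallback for anything else. The function name `safeRedirectPath` and the placeholder origin `https://app.invalid` are assumptions, and the check complements rather than replaces upgrading to the patched versions.

```javascript
// Added example: validate an untrusted redirect target (for instance a
// "returnTo" query parameter) before handing it to any router redirect call.
// BASE is a constructed placeholder origin used only to resolve the path.
const BASE = "https://app.invalid";

function safeRedirectPath(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;

  // Control characters, whitespace and backslashes are stripped or rewritten
  // by URL parsers, which lets a hostile value change meaning after parsing.
  if (/[\u0000-\u0020\u007f\\]/.test(target)) return fallback;

  // Accept only an absolute path: one leading "/". This rejects scheme-bearing
  // values (javascript:, data:, https:) and protocol-relative "//host" forms.
  if (!target.startsWith("/") || target.startsWith("//")) return fallback;

  let url;
  try {
    url = new URL(target, BASE);
  } catch {
    return fallback;
  }

  // After resolution the target must still belong to the placeholder origin.
  if (url.origin !== BASE) return fallback;

  // Return the normalised path, query and fragment only; never an origin.
  return url.pathname + url.search + url.hash;
}
```

Call it at the point where the untrusted value enters the application, and pass only its return value on as the redirect path.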
Technical details
Affected products:
React Router
@remix-run/router
Remix
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-22029
https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx
This article was created with the assistance of AI technology by Perceptive.

