CVE-2025-68470

Medium CVSS: 6.5

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

Vendor

Shopify

Product

React-router

CWE

CWE-601

Yayın Tarihi

2026-01-10 03:15:48

Güncelleme

2026-01-30 18:20:54

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 React-router MEDIUM Shopify 2026

Referanslar

https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m

Benzer Kayıtlar

Medium

CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through…

High

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0…

Critical

CVE-2025-61686

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version…

High

CVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0,…

High

CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0,…