CVE-2026-33245
published 2026-06-02

Priority: P4 · 23 · medium · 4.7 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.19% (8.6th percentile)

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not impact applications that are not using the unstable RSC APIs in React Router. This is patched in version 7.13.2.

Affected

91 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced-cluster-security | rhacs-main-rhel8 | | |
| ansible-automation-platform-26 | gateway-rhel9 | | |
| ansible-automation-platform-27 | gateway-rhel9 | | |
| ansible-automation-platform | automation-portal | | |
| ansible-on-clouds | aoc-azure-aap-installer-rhel9 | | |
| apicurio | apicurio-registry-ui-rhel8 | | |
| apicurio | apicurio-registry-ui-rhel9 | | |
| clusterlabs | pcs | | |
| container-native-virtualization | kubevirt-console-plugin | | |
| container-native-virtualization | kubevirt-console-plugin-rhel9 | | |
| devspaces | dashboard-rhel9 | | |
| devspaces | openvsx-rhel9 | | |
| discovery | discovery-ui-rhel9 | | |
| exploit-intelligence-tech-preview | agent-client-rhel9 | | |
| gatekeeper | gatekeeper-rhel9 | | |
| grafana | grafana | | |
| migration-toolkit-virtualization | mtv-console-plugin-rhel9 | | |
| mozilla | thunderbird | | |
| mta | mta-ui-rhel8 | | |
| mta | mta-ui-rhel9 | | |
| mtv-candidate | mtv-console-plugin-rhel9 | | |
| multicluster-engine | console-mce-rhel9 | | |
| network-observability | network-observability-console-plugin-compat-rhel9 | | |
| network-observability | network-observability-console-plugin-rhel9 | | |
| odf4 | ocs-client-console-rhel9 | | |

CVSS provenance

nvd: v3.1, 4.7 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_redhat: 4.7 MEDIUM