CVE-2026-40181
published 2026-06-02
PriorityP429medium6.1CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.16%
5.8th percentile
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (). This is patched in versions 7.14.1 and 6.30.4.
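As an added example (not React Router's own code), the kind of same-origin check an application can run on a redirect target before handing it to `redirect`. It assumes a hypothetical `APP_ORIGIN` constant for the deployed site and resolves the candidate with the WHATWG URL parser, the way a browser would, so `//host` and `/\host` forms fail the origin comparison instead of being returned as a location.

```javascript
// Added example, not React Router's own code: a same-origin check an
// application runs on a redirect target before passing it to `redirect()`.
// APP_ORIGIN is a constructed placeholder for the deployed site's origin.
const APP_ORIGIN = "https://app.example";

// Resolve the candidate exactly as a browser would against the app origin.
// A path such as "//evil.example/x" is protocol-relative and resolves to
// "https://evil.example/x"; "/\\evil.example" is normalised the same way by
// the WHATWG parser, and "javascript:" yields an opaque origin. All of those
// fail the origin comparison, so only targets that stay on APP_ORIGIN pass.
function sameOriginRedirectTarget(candidate, origin = APP_ORIGIN) {
  if (typeof candidate !== "string" || candidate.length === 0) {
    return null;
  }
  let resolved;
  try {
    resolved = new URL(candidate, origin);
  } catch {
    return null; // unparsable input is never a valid redirect target
  }
  if (resolved.origin !== origin) {
    return null;
  }
  // Return a root-relative path so the value handed to `redirect()` can no
  // longer carry a scheme or host of its own.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Substitute a known-safe fallback when validation fails; the returned string
// is what a loader or action would then pass to `redirect()`.
function redirectTargetOrFallback(candidate, fallback = "/") {
  return sameOriginRedirectTarget(candidate) ?? fallback;
}
```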
Affected
96 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced-cluster-security | rhacs-main-rhel8 | — | — |
| ansible-automation-platform-26 | gateway-rhel9 | — | — |
| ansible-automation-platform-27 | gateway-rhel9 | — | — |
| ansible-automation-platform | automation-portal | — | — |
| ansible-on-clouds | aoc-azure-aap-installer-rhel9 | — | — |
| apicurio | apicurio-registry-ui-rhel8 | — | — |
| apicurio | apicurio-registry-ui-rhel9 | — | — |
| clusterlabs | pcs | — | — |
| container-native-virtualization | kubevirt-console-plugin | — | — |
| container-native-virtualization | kubevirt-console-plugin-rhel9 | — | — |
| devspaces | dashboard-rhel9 | — | — |
| devspaces | openvsx-rhel9 | — | — |
| discovery | discovery-ui-rhel9 | — | — |
| exploit-intelligence-tech-preview | agent-client-rhel9 | — | — |
| gatekeeper | gatekeeper-rhel9 | — | — |
| grafana | grafana | — | — |
| migration-toolkit-virtualization | mtv-console-plugin-rhel9 | — | — |
| mozilla | thunderbird | — | — |
| mta | mta-ui-rhel8 | — | — |
| mta | mta-ui-rhel9 | — | — |
| mtv-candidate | mtv-console-plugin-rhel9 | — | — |
| multicluster-engine | console-mce-rhel9 | — | — |
| network-observability | network-observability-console-plugin-compat-rhel9 | — | — |
| network-observability | network-observability-console-plugin-rhel9 | — | — |
| odf4 | ocs-client-console-rhel9 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 4.0 | 6.6 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 6.1 | MEDIUM | — |
GHSA
React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
ghsa·2026-06-03
CVE-2026-40181 [MEDIUM] CWE-601 React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
Certain URLs passed to the `redirect` function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the `redirect`.
> [!NOTE]
> This does not impact your React Router application if you are using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (``)
VulDB
remix-run react-router up to 6.30.3/7.14.0 Relative URL redirect (GHSA-2j2x-hqr9-3h42)
vuldb·2026-06-03·CVSS 6.6
CVE-2026-40181 [MEDIUM] remix-run react-router up to 6.30.3/7.14.0 Relative URL redirect (GHSA-2j2x-hqr9-3h42)
A vulnerability was found in remix-run react-router up to 6.30.3/7.14.0 and has been rated problematic. The affected element is the `redirect` function of the Relative URL Handler component; manipulation of it leads to an open redirect.
This vulnerability is documented as CVE-2026-40181. The attack can be executed remotely. No exploit is available.
It is recommended to upgrade the affected component.
Red Hat
react-router: React Router: Open redirect vulnerability via specially crafted URLs
vendor_redhat·2026-06-02·CVSS 6.1
CVE-2026-40181 [MEDIUM] CWE-601 react-router: React Router: Open redirect vulnerability via specially crafted URLs
A flaw was found in React Router. This vulnerability allows a remote attacker to redirect users to an external, potentially malicious, website. This occurs when specially crafted URLs, containing paths starting with `//`, are pass
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-40181 h3: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 h3: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40181 llama-cpp: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 llama-cpp: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Bugzilla
CVE-2026-40181 fbthrift: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 fbthrift: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Bugzilla
CVE-2026-40181 fbthrift: React Router: Open redirect vulnerability via specially crafted URLs [epel-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 fbthrift: React Router: Open redirect vulnerability via specially crafted URLs [epel-all]
Bugzilla
CVE-2026-40181 fcitx5: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 fcitx5: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Bugzilla
CVE-2026-40181 freeipa: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 freeipa: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Bugzilla
CVE-2026-40181 cachelib: React Router: Open redirect vulnerability via specially crafted URLs [epel-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 cachelib: React Router: Open redirect vulnerability via specially crafted URLs [epel-all]
Bugzilla
CVE-2026-40181 cachelib: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
bugzilla·2026-06-17·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 cachelib: React Router: Open redirect vulnerability via specially crafted URLs [fedora-all]
Bugzilla
CVE-2026-40181 react-router: React Router: Open redirect vulnerability via specially crafted URLs
bugzilla·2026-06-02·CVSS 6.1
CVE-2026-40181 [MEDIUM] CVE-2026-40181 react-router: React Router: Open redirect vulnerability via specially crafted URLs
Discussion:
As FreeIPA goes, we can safely waive this one, as we use Declarative mode, which is not affected.
2026-06-02
Published