CVE-2026-53663
published 2026-06-22

Priority: P4 · 12 · low
CVSS 3.1: 3.1 (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS: 0.11% (1.3th percentile)

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient: they ran on POST requests but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections (CORS preflight, SameSite cookies) already block the cross-origin attack vectors that this missing CSRF check would otherwise gate. This vulnerability is fixed in 7.15.1.

Affected

31 ranges · showing 25

Vendor | Product | Version range | Fixed in
ansible-automation-platform-26 | gateway-rhel9
ansible-automation-platform-27 | gateway-rhel9
ansible-on-clouds | aoc-azure-aap-installer-rhel9
exploit-intelligence-tech-preview | agent-client-rhel9
network-observability | network-observability-console-plugin-pf4-rhel9
network-observability | network-observability-console-plugin-pf5-rhel9
network-observability | network-observability-console-plugin-rhel9
openshift-pipelines | pipelines-console-plugin-pf5-rhel9
openshift-pipelines | pipelines-console-plugin-rhel9
openshift-pipelines | pipelines-hub-ui-rhel9
openshift4 | ose-agent-installer-ui-rhel9
openshift4 | ose-console-rhel9
openshift4 | ose-monitoring-plugin-rhel9
quay | quay-rhel8
quay | quay-rhel9
remix-run | react-router
remix-run | react-router
remix-run | react-router | >= 7.12.0 < 7.15.1 | 7.15.1
remix-run | server-runtime
remix-run | server-runtime | >= 2.17.3 < 2.17.5 | 2.17.5
rhoai | odh-dashboard-rhel9
rhoai | odh-mlflow-rhel9
rhoai | odh-mod-arch-automl-rhel9
rhoai | odh-mod-arch-autorag-rhel9
rhoai | odh-mod-arch-eval-hub-rhel9

CVSS provenance

nvd | v3.1 | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
vendor_redhat | 3.1 | LOW