CVE-2026-22029P4MEDIUMCVSS 6.1fixed in 1.23.22026-01-10
CVE-2026-22029 [MEDIUM] CWE-79 CVE-2026-22029: React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client
nvd