PT-2026-46083 — React Router

PT-2026-46083 · Npm · React Router

Published

2026-06-03

Updated

2026-06-03

CVSS v4.0

6.6

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect.

[!NOTE] This does not impact your React Router application if you are using Declarative Mode (<BrowserRouter>)

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

GHSA-2J2X-HQR9-3H42

Affected Products

React Router

Weakness Enumeration

Related Identifiers

Affected Products

References · 4