PT-2026-46087 · Npm · React Router
Published
2026-06-03
·
Updated
2026-06-03
CVSS v3.1
8.0
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N |
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources
[!NOTE] This only impacts your application if you are using the unstable RSC APIs in React Router.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
React Router