THREATOPS
THREAT OPSThreat News › [NVD] CVE-2026-21884 (HIGH 8.2) — React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering wh

[NVD] CVE-2026-21884 (HIGH 8.2) — React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering wh

lownvdPublished 2026-01-10

CVE-2026-21884 CVSS: 8.2 HIGH Published: 2026-01-10T03:15:48.673

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-21884