THREAT OPS › Threat News › [NVD] CVE-2026-22029 (HIGH 8.0) — React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can res
[NVD] CVE-2026-22029 (HIGH 8.0) — React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can res
CVE-2026-22029 CVSS: 8.0 HIGH Published: 2026-01-10T03:15:48.870
React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execu
MITRE ATT&CK techniques
- JavaScriptT1059.007
Indicators of compromise
- CVE-2026-22029cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-22029