All 9 CVE vulnerabilities found in react-router, with AI-generated Chinese analysis, references, and POCs.
Vendor: remix-run
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22030 | React Router has CSRF issue in Action/Server Action Request Processing CWE-346 | 6.5 | Medium | 2026-01-10 |
| CVE-2026-22029 | React Router vulnerable to XSS via Open Redirects CWE-79 | 8.0 | High | 2026-01-10 |
| CVE-2026-21884 | React Router SSR XSS in ScrollRestoration CWE-79 | 8.2 | High | 2026-01-10 |
| CVE-2025-61686 | React Router has Path Traversal in File Session Storage CWE-22 | 9.1 | Critical | 2026-01-10 |
| CVE-2025-59057 | React Router has XSS Vulnerability CWE-79 | 7.6 | High | 2026-01-10 |
| CVE-2025-68470 | React Router has unexpected external redirect via untrusted paths CWE-601 | 6.5 | Medium | 2026-01-10 |
| CVE-2025-43865 | React Router allows pre-render data spoofing on React-Router framework mode CWE-345 | 8.2 | High | 2025-04-25 |
| CVE-2025-43864 | React Router allows a DoS via cache poisoning by forcing SPA mode CWE-755 | 7.5 | High | 2025-04-25 |
| CVE-2025-31137 | Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers CWE-444 | 5.3 | - | 2025-04-01 |
All 9 known CVE vulnerabilities affecting react-router with full Chinese analysis, references, and POCs where available.