CVE-2026-22029
high
Red Hat CVSS v3 Base Score
8.0
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
None
Published: January 10, 2026 (125 days ago)
Last Modified: January 10, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Vulnerability Report
Generated by CyberWatcher
Description
React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.
CWE
CWE-79Affected Products
Cryostat 4Gatekeeper 3Logging Subsystem for Red Hat OpenShiftMigration Toolkit for Applications 7Migration Toolkit for Applications 8Migration Toolkit for ContainersMigration Toolkit for VirtualizationMulticluster Engine for KubernetesNetwork Observability OperatorNode HealthCheck Operator