CVE-2026-40181

Published: Giu 02, 2026 Last Modified: Giu 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4.

601

URL Redirection to Untrusted Site ('Open Redirect')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Other

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity Other

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Low

View CWE Details

https://github.com/remix-run/react-router/security/advisori…

https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h…

CVE-2026-40181

Description

URL Redirection to Untrusted Site ('Open Redirect')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter