CVE-2026-40181
6.1 MEDIUM · React Router is a router for React
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 6.1 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE: CWE-601
Affected products
| Vendor | Product |
|---|---|
| shopify | react-router |
Description
React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4.
Source: NVD
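The description notes that impact depends on the validation the application performs before returning the redirect. Below is an added example of such a guard for a caller-supplied return path (for instance a `returnTo` query parameter); it is not React Router's own code, and `SAFE_ORIGIN`, `isSafeLocalPath` and `safeRedirectTarget` are assumed names for this illustration.

```javascript
// Added example, not React Router code: validate a user-supplied return path
// before passing it to redirect(), so a value such as "//other.example" is
// not reinterpreted as a protocol-relative URL pointing at another origin.

// Assumed application origin (placeholder for this example).
const SAFE_ORIGIN = "https://app.example";

function isSafeLocalPath(target) {
  if (typeof target !== "string" || target.length === 0) return false;

  // Only site-absolute paths are acceptable: the value must start with "/".
  // This also rejects absolute URLs ("https://...") and scheme-prefixed values.
  if (target[0] !== "/") return false;

  // "//host" is protocol-relative; browsers also treat "/\host" like "//host".
  if (/^\/[\/\\]/.test(target)) return false;

  // Defense in depth: resolve against our own origin with the WHATWG URL
  // parser (which also strips embedded tabs/newlines) and confirm the result
  // still lives on that origin.
  let resolved;
  try {
    resolved = new URL(target, SAFE_ORIGIN);
  } catch {
    return false;
  }
  return resolved.origin === SAFE_ORIGIN;
}

// Returns the validated path, or a safe fallback when validation fails.
function safeRedirectTarget(target, fallback = "/") {
  return isSafeLocalPath(target) ? target : fallback;
}
```

In a loader or action, call `redirect(safeRedirectTarget(returnTo))` instead of passing the raw parameter through.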
References
Related CVEs
Same vendor
- CVE-2026-42342 — React Router is a router for React (7.5 HIGH)
- CVE-2026-42211 — React Router is a router for React (8.1 HIGH)
- CVE-2026-34077 — React Router is a router for React (7.5 HIGH)
- CVE-2026-33245 — React Router is a router for React (8.0 HIGH)
- CVE-2026-33244 — React Router is a router for React (5.4 MEDIUM)
Same CWE
- CVE-2026-46616 — Umbraco is an ASP.NET CMS (5.4 MEDIUM)
- CVE-2026-48856 — Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data
- CVE-2026-45566 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (6.1 MEDIUM)
- CVE-2026-53440 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" secur... (4.3 MEDIUM)
- CVE-2026-53437 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenk... (4.3 MEDIUM)