Bug 2428412 (CVE-2026-22029) - CVE-2026-22029 @remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects
Keywords:
Status: NEW
Alias: CVE-2026-22029
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2428747 2428748 2428755 2428759 2428760 2428751 2428752 2428753 2428754 2428756 2428757 2428758
Blocks:
Reported: 2026-01-10 04:01 UTC by OSIDB Bzimport
Modified: 2026-03-06 10:55 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2026:3958 | 0 | None | None | None | 2026-03-06 10:12:31 UTC
Red Hat Product Errata | RHSA-2026:3959 | 0 | None | None | None | 2026-03-06 10:55:29 UTC

Description OSIDB Bzimport 2026-01-10 04:01:32 UTC
React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.
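The description says the issue only arises when a loader or action builds a redirect path from untrusted content. The following is an added example of the kind of input check an application would apply before calling the router's redirect; it is not code from React Router, Remix or Red Hat. It assumes the target arrives as an untrusted string (for instance a `next` query parameter) and the hypothetical names `safeRedirectTarget` and `FALLBACK` are the example's own.

```javascript
// Added example, not React Router's own code: reduce an untrusted redirect
// target to a same-origin, path-absolute location before it reaches the
// router's redirect(). Anything else (absolute URLs, protocol-relative
// "//host" forms, non-http schemes, non-strings) collapses to FALLBACK.
const FALLBACK = "/"; // hypothetical default landing path

// The origin is a constructed placeholder: only its equality matters, so the
// check works without knowing the deployed hostname.
const ANCHOR_ORIGIN = "https://app.invalid";

function safeRedirectTarget(target, fallback = FALLBACK) {
  if (typeof target !== "string" || target.length === 0) return fallback;

  // Require a path-absolute target. This alone rejects "scheme:..." inputs,
  // since those never begin with "/".
  if (!target.startsWith("/")) return fallback;

  // "//host" and "/\host" are parsed as a new authority by WHATWG URL parsing
  // for special schemes; reject them explicitly rather than rely on the
  // origin comparison below.
  if (target.startsWith("//") || target.startsWith("/\\")) return fallback;

  // Resolve with the browser-compatible parser and confirm the result is
  // still on the anchor origin (catches anything the prefix checks missed).
  let url;
  try {
    url = new URL(target, ANCHOR_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== ANCHOR_ORIGIN) return fallback;

  // Hand back the normalized path, query and fragment, never the raw input.
  return url.pathname + url.search + url.hash;
}
```

In a loader or action the returned value, not the raw parameter, would be the argument passed to the router's redirect.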

Comment 4 errata-xmlrpc 2026-03-06 10:12:21 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.6 for RHEL 9
  Red Hat Ansible Automation Platform 2.6 for RHEL 10

Via RHSA-2026:3958 https://access.redhat.com/errata/RHSA-2026:3958

Comment 5 errata-xmlrpc 2026-03-06 10:55:17 UTC
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2026:3959 https://access.redhat.com/errata/RHSA-2026:3959

