React Router External Redirect Vulnerability via Untrusted Paths

Vulnerability

A vulnerability in React Router allows for unexpected navigation to external URLs. This issue affects versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5. The vulnerability arises when an attacker crafts a path that, when used with the navigate() function, <Link> component, or redirect() method, redirects the application to an external site. This problem occurs only if untrusted content is injected into the navigation paths within the application.

Impact

Exploitation of this vulnerability could redirect users to external websites without authorization, potentially exposing them to phishing or other malicious activity.

Remediation

Users can upgrade to React Router versions 6.30.2 or 7.9.6 to address this vulnerability.
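
Because the issue only arises when untrusted content reaches a navigation path, such values can also be validated before they are passed to navigate(), <Link> or redirect(). The following is an added example, not code from React Router or from this advisory; the helper name safeInternalPath, the placeholder origin and the `next` query parameter are assumptions.

```javascript
// Added example: hypothetical helper, not part of React Router.
// BASE is a constructed placeholder origin used only to parse the input.
const BASE = "https://app.invalid";

// Returns a rooted in-app path (path + query + hash), or `fallback`
// when the untrusted value is anything other than a same-origin path.
function safeInternalPath(untrusted, fallback = "/") {
  if (typeof untrusted !== "string") return fallback;

  // Reject whitespace, control characters and backslashes: URL parsers
  // may strip or normalise them, so the checked value could differ
  // from the value that is finally navigated to.
  if (/[\u0000-\u0020\u007f\\]/.test(untrusted)) return fallback;

  // Require exactly one leading slash (no scheme, no "//host" form).
  if (!untrusted.startsWith("/") || untrusted.startsWith("//")) return fallback;

  let url;
  try {
    url = new URL(untrusted, BASE);
  } catch {
    return fallback;
  }

  // Defence in depth: the resolved URL must stay on the placeholder origin.
  if (url.origin !== BASE) return fallback;

  // Re-serialise from parsed parts so only path, query and hash survive.
  const path = url.pathname + url.search + url.hash;

  // Dot-segment normalisation must not yield a double-slash prefix.
  if (path.startsWith("//")) return fallback;

  return path;
}

// Usage inside a component (the `next` parameter is an assumption):
//   navigate(safeInternalPath(searchParams.get("next")));
```

The helper returns the normalised path rather than the original string, so the value that was checked is the value that is navigated to.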

Added: Jan 10, 2026, 3:22 AM
Updated: Jan 10, 2026, 3:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.