Sign In

CVE-2026-33245

ADVISORY - github

Summary

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources

[!NOTE] This only impacts your application if you are using the unstable RSC APIs in React Router.

EPSS Score: 0.00033 (0.099)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-33245
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-79

CVSS SCORE

8high

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-8646-j5j9-6r62
EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-79

CVSS SCORE

8high