CVE-2026-33245

ADVISORY - github

Summary

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources

[!NOTE] This only impacts your application if you are using the unstable RSC APIs in React Router.

EPSS Score⁠: 0.00033 (0.099)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.