CVE-2026-34077
ADVISORY - githubSummary
A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0 or later.
[!NOTE] This does not impact your React Router application if you are using Declarative Mode (
<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).
EPSS Score: 0.0004 (0.123)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Allocation of Resources Without Limits or Throttling
ADVISORY - github
Allocation of Resources Without Limits or Throttling
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-34077
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-rxv8-25v2-qmq8
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)