CVE-2026-40181

ADVISORY - github

Summary

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect.

[!NOTE] This does not impact your React Router application if you are using Declarative Mode (<BrowserRouter>)

EPSS Score⁠: 0.00041 (0.127)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - github

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-40181⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

6.6medium

GitHub

CREATED

14 hours ago

UPDATED

14 hours ago

ADVISORY IDGHSA-2j2x-hqr9-3h42⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-601⁠

CVSS SCORE

6.6medium