CVE-2026-40181

ADVISORY - github

Summary

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect.

[!NOTE] This does not impact your React Router application if you are using Declarative Mode (<BrowserRouter>)

EPSS Score⁠: 0.00041 (0.127)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - github

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.