VIR Vulnerability Intelligence Relay

Package impact

npm npm / react-router

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-33244 medium 5.4 5.4 2d ago React Router has stored XSS via unescaped Location header in prerendered redirect HTML
CVE-2026-40181 unknown 2d ago React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation