Shopify React-router
7 CVEs affecting Shopify React-router. Latest disclosed: 2026-06-02. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42211 | High | 8.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized re… |
CVE-2026-33245 | High | 8.0 | 2026-06-02 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potenti… |
CVE-2026-22029 | High | 8.0 | 2026-01-10 | React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open… |
CVE-2026-42342 | High | 7.5 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain c… |
CVE-2026-34077 | High | 7.5 | 2026-06-02 | React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potenti… |
CVE-2026-40181 | Medium | 6.1 | 2026-06-02 | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open… |
CVE-2026-33244 | Medium | 5.4 | 2026-06-02 | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP… |