React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22029.json
https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx
https://bugzilla.redhat.com/show_bug.cgi?id=2428412
https://access.redhat.com/security/cve/CVE-2026-22029
https://access.redhat.com/errata/RHSA-2026:9848
https://access.redhat.com/errata/RHSA-2026:8229
https://access.redhat.com/errata/RHSA-2026:8218
https://access.redhat.com/errata/RHSA-2026:5636
https://access.redhat.com/errata/RHSA-2026:5633
https://access.redhat.com/errata/RHSA-2026:3960
https://access.redhat.com/errata/RHSA-2026:3959
https://access.redhat.com/errata/RHSA-2026:3958
https://access.redhat.com/errata/RHSA-2026:3782
https://access.redhat.com/errata/RHSA-2026:36882
https://access.redhat.com/errata/RHSA-2026:36651
https://access.redhat.com/errata/RHSA-2026:34100
https://access.redhat.com/errata/RHSA-2026:3087
https://access.redhat.com/errata/RHSA-2026:2694
https://access.redhat.com/errata/RHSA-2026:26420
https://access.redhat.com/errata/RHSA-2026:26413
https://access.redhat.com/errata/RHSA-2026:2572
https://access.redhat.com/errata/RHSA-2026:2568
https://access.redhat.com/errata/RHSA-2026:2456
https://access.redhat.com/errata/RHSA-2026:2350
https://access.redhat.com/errata/RHSA-2026:21658
https://access.redhat.com/errata/RHSA-2026:2149
https://access.redhat.com/errata/RHSA-2026:2148
https://access.redhat.com/errata/RHSA-2026:2147
https://access.redhat.com/errata/RHSA-2026:20042
https://access.redhat.com/errata/RHSA-2026:20041
https://access.redhat.com/errata/RHSA-2026:19712
https://access.redhat.com/errata/RHSA-2026:17474
https://access.redhat.com/errata/RHSA-2026:17469
https://access.redhat.com/errata/RHSA-2026:17468
https://access.redhat.com/errata/RHSA-2026:1517