SB2026061981 - Input validation error in React Router



SB2026061981 - Input validation error in React Router

Published: June 19, 2026

Security Bulletin ID SB2026061981
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Input validation error (CVE-ID: CVE-2025-68470)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to redirect the application to an external URL.

The vulnerability exists due to improper input validation in navigation path handling when processing attacker-supplied paths passed to navigate(), Link, or redirect(). A remote user can supply a crafted path to redirect the application to an external URL.

This issue only occurs when untrusted content is passed into navigation paths in application code.


Remediation

Install update from vendor's website.