SB2026061981 - Input validation error in React Router
Published: June 19, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2025-68470)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to redirect the application to an external URL.
The vulnerability exists due to improper input validation in navigation path handling when processing attacker-supplied paths passed to navigate(), Link, or redirect(). A remote user can supply a crafted path to redirect the application to an external URL.
This issue only occurs when untrusted content is passed into navigation paths in application code.
Remediation
Install update from vendor's website.