React Router has XSS Vulnerability
High severity GitHub Reviewed Published Jan 8, 2026 in remix-run/react-router • Updated Jan 11, 2026
Package
@remix-run/react (npm)
Affected versions
>= 1.15.0, <= 2.17.0
Patched versions
2.17.1
>= 7.0.0, <= 7.8.2
7.9.0
Description
Published to the GitHub Advisory Database
Jan 8, 2026
Reviewed
Jan 8, 2026
Last updated
Jan 11, 2026
Severity
High
/ 10
CVSS v3 base metrics
Attack vector
Networ…
React Router has XSS Vulnerability
High severity GitHub Reviewed Published Jan 8, 2026 in remix-run/react-router • Updated Jan 11, 2026
Package
@remix-run/react (npm)
Affected versions
>= 1.15.0, <= 2.17.0
Patched versions
2.17.1
>= 7.0.0, <= 7.8.2
7.9.0
Description
Published to the GitHub Advisory Database
Jan 8, 2026
Reviewed
Jan 8, 2026
Last updated
Jan 11, 2026
Severity
High
/ 10
CVSS v3 base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
EPSS score
(11th percentile)
Weaknesses
Weakness CWE-79
CVE ID
CVE-2025-59057
GHSA ID
GHSA-3cgp-3xvw-98x8
Loading Checking history