{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40181", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T20:59:17.619Z", "datePublished": "2026-06-02T17:55:09.919Z", "dateUpdated": "2026-06-03T15:56:43.041Z"}, "containers": {"cna": {"title": "React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42"}], "affected": [{"vendor": "remix-run", "product": "react-router", "versions": [{"version": ">= 7.0.0, < 7.14.1", "status": "affected"}, {"version": ">= 6.7.0, < 6.30.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-02T17:55:09.919Z"}, "descriptions": [{"lang": "en", "value": "React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4."}], "source": {"advisory": "GHSA-2j2x-hqr9-3h42", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-03T15:55:42.346232Z", "id": "CVE-2026-40181", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-03T15:56:43.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-03T15:55:42.346232Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-03T15:56:39.667Z"}}], "cna": {"title": "React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation", "source": {"advisory": "GHSA-2j2x-hqr9-3h42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "remix-run", "product": "react-router", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.14.1"}, {"status": "affected", "version": ">= 6.7.0, < 6.30.4"}]}], "references": [{"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42", "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-02T17:55:09.919Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40181", "state": "PUBLISHED", "dateUpdated": "2026-06-03T15:56:43.041Z", "dateReserved": "2026-04-09T20:59:17.619Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-02T17:55:09.919Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "D9062F0E-8B2E-42A4-9C6E-726BCB9CFDE7", "versionEndExcluding": "6.30.4", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E4CB8AD1-CF08-421C-931D-808B2F8209A6", "versionEndExcluding": "7.14.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4."}], "id": "CVE-2026-40181", "lastModified": "2026-06-04T18:46:47.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-06-02T20:16:35.597", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "react-router: React Router: Open redirect vulnerability via specially crafted URLs", "id": "2484112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484112"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4.", "A flaw was found in React Router. This vulnerability allows a remote attacker to redirect users to an external, potentially malicious, website. This occurs when specially crafted URLs, containing paths starting with `//`, are passed to the redirect function, causing them to be misinterpreted as protocol-relative URLs. The severity of the impact depends on how the application validates redirects."], "mitigation": {"lang": "en:us", "value": "Application developers using React Router in Red Hat products should implement robust URL validation before performing redirects to prevent misinterpretation of protocol-relative URLs. Additionally, applications configured with Declarative Mode (<BrowserRouter>) are not impacted by this vulnerability. Users should exercise caution when interacting with untrusted links."}, "name": "CVE-2026-40181", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Under investigation", "package_name": "cryostat-openshift-console-plugin-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Under investigation", "package_name": "grafana-infinity-datasource-npm", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:cryostat:4", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Cryostat 4"}, {"cpe": "cpe:/a:redhat:exploit_intelligence:0", "fix_state": "Fix deferred", "package_name": "exploit-intelligence-tech-preview/agent-client-rhel9", "product_name": "Exploit Intelligence"}, {"cpe": "cpe:/a:redhat:gatekeeper:3", "fix_state": "Under investigation", "package_name": "gatekeeper/gatekeeper-rhel9", "product_name": "Gatekeeper 3"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Fix deferred", "package_name": "mta/mta-ui-rhel8", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Fix deferred", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:rhmt:1", "fix_state": "Fix deferred", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "mtv-candidate/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Under investigation", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Fix deferred", "package_name": "network-observability/network-observability-console-plugin-compat-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Fix deferred", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Fix deferred", "package_name": "workload-availability/node-healthcheck-must-gather-rhel9", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Fix deferred", "package_name": "workload-availability/node-healthcheck-operator-bundle", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nhc:0", "fix_state": "Fix deferred", "package_name": "workload-availability/node-healthcheck-rhel9-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed/lightspeed-console-plugin-419-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed/lightspeed-console-plugin-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-console-plugin-pf5-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-console-plugin-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-console-plugin-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-ossmc-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/kiali-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "redhat-user-workloads/console-acm-211", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "redhat-user-workloads/console-acm-212", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "redhat-user-workloads/console-acm-213", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Under investigation", "package_name": "rhacm2/console-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-27/gateway-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-on-clouds/aoc-azure-aap-installer-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-hub", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "automation-platform-ui", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3.11-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3.12-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python3x-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "python-galaxy-ng", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Under investigation", "package_name": "apicurio/apicurio-registry-ui-rhel8", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:apicurio_registry:3", "fix_state": "Under investigation", "package_name": "apicurio/apicurio-registry-ui-rhel9", "product_name": "Red Hat build of Apicurio Registry 3"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Under investigation", "package_name": "rh-podman-desktop.git", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Fix deferred", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:ceph_storage:9", "fix_state": "Fix deferred", "package_name": "rhceph/alloy-rhel10", "product_name": "Red Hat Ceph Storage 9"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:2::el9", "fix_state": "Under investigation", "package_name": "discovery/discovery-ui-rhel9", "product_name": "Red Hat Discovery 2"}, {"cpe": "cpe:/a:redhat:edge_manager:1", "fix_state": "Under investigation", "package_name": "rhem/flightctl-ui-ocp-rhel10", "product_name": "Red Hat Edge Manager 1"}, {"cpe": "cpe:/a:redhat:edge_manager:1", "fix_state": "Under investigation", "package_name": "rhem/flightctl-ui-ocp-rhel9", "product_name": "Red Hat Edge Manager 1"}, {"cpe": "cpe:/a:redhat:edge_manager:1", "fix_state": "Under investigation", "package_name": "rhem/flightctl-ui-rhel10", "product_name": "Red Hat Edge Manager 1"}, {"cpe": "cpe:/a:redhat:edge_manager:1", "fix_state": "Under investigation", "package_name": "rhem/flightctl-ui-rhel9", "product_name": "Red Hat Edge Manager 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "ipa", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "cockpit-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "dotnet5.0-build-reference-packages", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "ipa", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-dashboard-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-automl-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-autorag-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-eval-hub-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-gen-ai-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-maas-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mod-arch-model-registry-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-agent-installer-ui-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-console-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-monitoring-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-prometheus-alertmanager-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/art-images", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/ocs-client-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/odf-multicluster-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "rhceph-dev/odf4-ocs-client-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "rhceph-dev/odf4-odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "rhceph-dev/odf4-odf-multicluster-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Under investigation", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Under investigation", "package_name": "devspaces/openvsx-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Fix deferred", "package_name": "rhosdt/tempo-jaeger-query-rhel9", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Fix deferred", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Fix deferred", "package_name": "openshift-gitops-1/argocd-rhel9", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Fix deferred", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Fix deferred", "package_name": "openshift-gitops-1/console-plugin-rhel9", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Fix deferred", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Fix deferred", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "nodejs-react-router", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "nodejs-react-router-dom", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "satellite/iop-advisor-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "satellite/iop-host-inventory-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Under investigation", "package_name": "satellite/iop-vulnerability-frontend-rhel9", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Under investigation", "package_name": "react-router", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Under investigation", "package_name": "rhtas/rhtas-console-ui-rhel9", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Under investigation", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Under investigation", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}], "public_date": "2026-06-02T17:55:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40181\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40181\nhttps://github.com/remix-run/react-router/security/advisories/GHSA-2j2x-hqr9-3h42"], "statement": "A Moderate impact open redirect vulnerability exists in React Router, affecting versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3. This flaw allows a remote attacker to redirect users to arbitrary external websites by crafting URLs that begin with `//`, which are then misinterpreted as protocol-relative. The exploitability and actual impact on Red Hat products depend on the specific application's redirect validation logic. Applications utilizing React Router in Declarative Mode (`<BrowserRouter>`) are not affected by this issue.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.14.1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.7.0,6.30.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "react-router", "source": "cna", "vendor": "remix-run"}, "product": "react-router", "vendor": "remix-run"}], "created": "2026-06-03T04:00:13.048575+00:00", "updated": "2026-06-03T04:45:25.401463+00:00", "vendors": ["remix-run", "remix-run$PRODUCT$react-router"]}