Remote Code Execution Vulnerability in React Router by Remix Run
CVE-2026-42211

8.1HIGH

Key Information:

Vendor: Remix-run
Status: React-router
Vendor: CVE Published:; 2 June 2026

🔔 Create Remix-run Vulnerability Alert

What is CVE-2026-42211?

false

Affected Version(s)

react-router >= 7.0.0, < 7.14.2

References

https://github.com/remix-run/react-router/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 25, 2026

CVE-2026-42211 Data

.