Low3.1Red Hat Linux Updated
@remix-run/server-runtime: React Router: Insufficient CSRF protection allows integrity impact
CVE-2026-53663 Published Jun 22, 2026Updated by vendor Jun 22, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
@remix-run/server-runtime: React Router: Insufficient CSRF protection allows integrity impact. Red Hat rates this low (CVSS 3.1). Weakness: CWE-352.
Mitigation checklist
Recommended fix / mitigation
- Red Hat products that ship react-router are affected by this CSRF bypass in Framework Mode on PUT, PATCH, and DELETE requests. However, modern browser protections — CORS preflight checks and SameSite cookie defaults — significantly limit the practical exploitability of this flaw. No specific workaround is required. Updating to react-router 7.15.1 or later, when available in product updates, will fully resolve this issue.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.