CRITICAL
remix-run
CVE published 2026-01-10
CVE-2025-61686
CVE-2025-61686 is a critical vulnerability in React Router, a popular router for React applications. The vulnerability affects versions 7.0.0 through 7.9.3 of @react-router/node, and prior versions of @remix-run/deno and @remix-run/node. An attacker can exploit this vulnerability to cause the session to try to read/write from a location outside the specified session file directory, potentially leading to [truncated]