CyberRota
← Ana sayfaya dön

CVE-2026-42211

HIGH · CVSS 8.1 EPSS %0.42 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-02T20:16:36.537 · Çekilme zamanı: 2026-06-30T12:08:22.585294+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
remote code execution code execution
GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-42211
Severity
HIGH
CVSS
8.1
EPSS
%0.42

Orijinal NVD Açıklaması

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged in a 2-step attack where the second step triggers unauthorized RCE on the remote server. This does not impact applications using Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`). This is patched in version 7.14.2.