CVE-2026-22030 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-22030 Interim 1 1 2026-03-05T00:18:27Z current 2026-03-05T00:18:27Z 2026-03-05T00:18:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-22030 React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for SAP Applications 15 SP4 SUSE Linux Enterprise Module for SAP Applications 15 SP5 SUSE Linux Enterprise Module for SAP Applications 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Multi-Linux Manager Client Tools for SLE 12 SUSE Multi-Linux Manager Client Tools for SLE 15 openSUSE Leap 15.6 firewalld-prometheus-config golang-github-prometheus-prometheus trento-web velociraptor golang-github-prometheus-prometheus as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 trento-web as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP4 trento-web as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP5 trento-web as a component of SUSE Linux Enterprise Module for SAP Applications 15 SP7 golang-github-prometheus-prometheus as a component of SUSE Linux Enterprise Server 16.0 velociraptor as a component of SUSE Linux Enterprise Server 16.0 golang-github-prometheus-prometheus as a component of SUSE Linux Enterprise Server for SAP applications 16.0 trento-web as a component of SUSE Linux Enterprise Server for SAP applications 16.0 velociraptor as a component of SUSE Linux Enterprise Server for SAP applications 16.0 golang-github-prometheus-prometheus as a component of SUSE Manager Client Tools for SLE 12 golang-github-prometheus-prometheus as a component of SUSE Manager Client Tools for SLE 15 golang-github-prometheus-prometheus as a component of SUSE Multi-Linux Manager Client Tools for SLE 12 golang-github-prometheus-prometheus as a component of SUSE Multi-Linux Manager Client Tools for SLE 15 firewalld-prometheus-config as a component of openSUSE Leap 15.6 golang-github-prometheus-prometheus as a component of openSUSE Leap 15.6 React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0. CVE-2026-22030 SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-prometheus SUSE Linux Enterprise Server 16.0:golang-github-prometheus-prometheus SUSE Linux Enterprise Server 16.0:velociraptor SUSE Linux Enterprise Server for SAP applications 16.0:golang-github-prometheus-prometheus SUSE Linux Enterprise Server for SAP applications 16.0:velociraptor SUSE Manager Client Tools for SLE 12:golang-github-prometheus-prometheus SUSE Manager Client Tools for SLE 15:golang-github-prometheus-prometheus SUSE Multi-Linux Manager Client Tools for SLE 12:golang-github-prometheus-prometheus SUSE Multi-Linux Manager Client Tools for SLE 15:golang-github-prometheus-prometheus openSUSE Leap 15.6:firewalld-prometheus-config openSUSE Leap 15.6:golang-github-prometheus-prometheus moderate 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N