4 matches found
CVE-2026-46342
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
EUVD-2026-36418
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...