Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/12 12:58 p.m.11 views

CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References2
CVE
CVE
added 2026/06/12 12:58 p.m.45 views

CVE-2026-47200

Nuxt CVE-2026-47200 affects Nuxt 3.11.0–3.21.5 and 4.0.0-alpha.1–4.4.5 with experimental.componentIslands enabled. Server islands under /_nuxt_island/page * for .server.vue pages could bypass route middleware, exposing server-rendered content without Vue Router middleware running. Patch applied i...

6.3CVSS5.2AI score0.0023EPSS
Exploits1References2Affected Software2
OSV
OSV
added 2026/05/29 5:15 p.m.8 views

GHSA-HG3F-28RG-4JXJ Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

6.3CVSS5.9AI score0.0023EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References8
Rows per page
Query Builder