15 matches found
CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...
CVE-2026-46342
Nuxt (Vue.js framework) versions 3.1.0–3.21.5 and 4.0.0-alpha.1–4.4.5 are affected by CVE-2026-46342 due to the /__nuxt_island/* endpoint not binding responses to the request props, allowing attacker-controlled props to influence island component rendering via an unverified URL-resident hash. Thi...
PT-2026-45028
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...
GHSA-G8WJ-3CR3-6W7V Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...
NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
NPM: Nuxt: nuxtisland endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Summary The /nuxtisland/ endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash .json was actually issued for those inputs by . The hash is computed and embedded client-side but never validated server-side, so...
PT-2026-42038
Name of the Vulnerable Software and Affected Versions Nuxt versions 3.1.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description The '/ nuxt island/' endpoint accepts...
Client-Side Path Traversal
Nuxt is vulnerable to Client-Side Path Traversal. The vulnerability is due to improper validation of user-controlled data within the Island payload revival mechanism, which allows an attacker to craft malicious nuxtisland objects that manipulate client-side requests to arbitrary endpoints within...
GHSA-P6JQ-8VC4-79F6 Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
Summary A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. Technical Details The vulnerability occurs in...
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
Summary A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. Technical Details The vulnerability occurs in...
CVE-2025-59414
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...
CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...
PT-2025-38250
Name of the Vulnerable Software and Affected Versions: Nuxt versions prior to 3.19.0 Nuxt versions prior to 4.1.0 Description: A client-side path traversal vulnerability exists in Nuxt's Island payload revival mechanism. This allows attackers to manipulate client-side requests to different...