Nuxt · Nuxt Og Image · CVE-2026-34404
**Name of the Vulnerable Software and Affected Versions**
Nuxt OG Image versions prior to 6.2.5
**Description**
The Nuxt OG Image component, used for generating Open Graph images with Vue templates in Nuxt, contains a potential for Denial of Service (DoS). This issue stems from a lack of restrictions on the width and height parameters when generating images via the `/og/d/` endpoint (and `/og-image/` in older versions). Sending a request with excessively large width and height values can exhaust server resources during image generation, leading to a DoS condition. The vulnerability was demonstrated by sending a GET request to the `/og/d/og.png` API endpoint with increased `width` and `height` parameters, such as `width=20000&height=20000`. This caused memory exhaustion on the test server.
**Recommendations**
Versions prior to 6.2.5: Implement a limitation on the width and length of the generated image.