PT-2026-29370 · Nuxt · Nuxt Og Image

Dmitry Prokhorov · Published 2026-03-26 · Updated 2026-04-01 · CVE-2026-34404

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Nuxt OG Image versions prior to 6.2.5

Description

The Nuxt OG Image component, used for generating Open Graph images with Vue templates in Nuxt, is vulnerable to Denial of Service (DoS). The issue stems from a lack of restrictions on the width and height parameters when generating images via the /og/d/ endpoint (/og-image/ in older versions). A request with excessively large width and height values can exhaust server resources during image generation, leading to a DoS condition. The vulnerability was demonstrated by sending a GET request to the /og/d/og.png API endpoint with increased width and height parameters, such as width=20000&height=20000, which caused memory exhaustion on the test server.

Recommendations

Versions prior to 6.2.5: Implement a limitation on the width and height of the generated image.
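One way to apply the recommended limit before any rendering work starts, as an added example (not code from Nuxt OG Image or its fix). The limit values, defaults and function names are assumptions; only the width and height parameters and the /og/d/og.png path come from the advisory.

```javascript
// Added example. LIMITS holds hypothetical values chosen for illustration,
// not settings taken from Nuxt OG Image.
const LIMITS = { maxSide: 2048, maxPixels: 2048 * 1024, defaultWidth: 1200, defaultHeight: 630 };

const reject = (reason) => ({ ok: false, status: 400, reason });

// Parse one dimension strictly: plain decimal digits only.
function parseSide(raw, fallback) {
  if (raw === null) return fallback;          // parameter absent: use the default
  if (!/^[0-9]{1,5}$/.test(raw)) return NaN;  // rejects "2e4", "-1", "0x4e20", "1.5", ""
  return Number(raw);
}

// Validate width/height from a request URL before the renderer allocates anything.
function checkOgDimensions(requestUrl, limits = LIMITS) {
  const params = new URL(requestUrl, 'http://localhost').searchParams;
  for (const name of ['width', 'height']) {
    // Repeated parameters are ambiguous between parsers, so refuse them outright.
    if (params.getAll(name).length > 1) return reject(`duplicate ${name}`);
  }
  const width = parseSide(params.get('width'), limits.defaultWidth);
  const height = parseSide(params.get('height'), limits.defaultHeight);
  for (const [name, value] of [['width', width], ['height', height]]) {
    if (!Number.isInteger(value) || value < 1) return reject(`invalid ${name}`);
    if (value > limits.maxSide) return reject(`${name} exceeds ${limits.maxSide}`);
  }
  // A per-side cap alone still allows maxSide x maxSide; bound the total area too,
  // since bitmap memory grows with width * height.
  if (width * height > limits.maxPixels) return reject('pixel budget exceeded');
  return { ok: true, width, height };
}

// Constructed sample requests, including the one quoted in the advisory.
const samples = [
  '/og/d/og.png',
  '/og/d/og.png?width=20000&height=20000',
  '/og/d/og.png?width=2048&height=2048',
  '/og/d/og.png?width=2e4',
];
for (const s of samples) console.log(s, JSON.stringify(checkOgDimensions(s)));
```

Rejecting with a 400 rather than silently clamping keeps oversized requests visible in access logs, which helps when looking for probing of the image endpoint.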

Exploit

Fix

Resource Exhaustion

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2026-05337
CVE-2026-34404
GHSA-C7XP-Q6Q8-HG76

Affected Products

Nuxt Og Image