PT-2026-48880 · Nuxt · Nuxt
Published
2026-06-12
·
Updated
2026-06-12
·
CVE-2026-53721
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N |
Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nuxt