The Nuxt team has disclosed four security vulnerabilities. Here’s what Netlify customers need to know. Vulnerabilities
Continue reading...
- CVE-2026-47200 : Route middleware bypass via island page endpoints (nuxt 3.11.0–3.21.5, 4.0.0-alpha.1–4.4.5)
- CVE-2026-46342 : Island response not validated against request props (nuxt 3.1.0–3.21.5, 4.0.0-alpha.1–4.4.5)
- CVE-2026-45670 : Dev server exposes built source over LAN (nuxt 3.15.4–3.21.5, 4.0.0-alpha.1–4.4.5)
- CVE-2026-45669 : Reflected XSS via navigateTo with external: true (nuxt 3.4.3–3.21.5, 4.0.0-alpha.1–4.4.5)
- nuxt 3.21.6 or later (for Nuxt 3.x), or 4.4.6 or later (for Nuxt 4.x)
- @nuxt/rspack-builder and @nuxt/webpack-builder 3.21.6 or later, or 4.4.6 or later (if applicable)
- Nuxt security advisories
Continue reading...