CVE Catalog

CVE-2026-45669

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

Nuxt is a web development framework that in versions from 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 has an issue with the navigateTo() function. Using external: true generates an HTML redirect with a <meta http-equiv="refresh"> tag, allowing for injection of malicious code.

Risk Assessment

Attackers can exploit this vulnerability to inject arbitrary HTML/JavaScript, potentially leading to application takeover and user data theft.

Recommendation

It is recommended to upgrade to versions 3.21.6 or 4.4.6 to eliminate this vulnerability and secure the application against potential attacks.

Original NVD description (English source)

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redirect body containing a <meta http-equiv="refresh"> tag. The destination URL is only sanitized by replacing " with %22, leaving <, >, &, and ' unencoded. An attacker who can influence the URL passed to navigateTo(url, { external: true }) can break out of the content="…" attribute and inject arbitrary HTML/JavaScript that executes under the application's origin. This issue has been patched in versions 3.21.6 and 4.4.6.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS