CVE-2026-53721
HighCVSS 8.2Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.
Risk Assessment
This vulnerability may lead to unauthorized access to routes, posing a risk to the security of the application and user data. Organizations should be aware of potential threats related to improper route management.
Recommendation
It is recommended to update Nuxt to version 3.21.7 or 4.4.7 to mitigate this vulnerability. Regularly updating components is crucial for maintaining application security.
Original NVD description (English source)
Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.

