CVE Catalog

CVE-2026-53721

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.

Risk Assessment

This vulnerability may lead to unauthorized access to routes, posing a risk to the security of the application and user data. Organizations should be aware of potential threats related to improper route management.

Recommendation

It is recommended to update Nuxt to version 3.21.7 or 4.4.7 to mitigate this vulnerability. Regularly updating components is crucial for maintaining application security.

Original NVD description (English source)

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS