Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /__nuxt_island/* endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash (<Name>_<hashId>.json) was actually issued for those inputs by <NuxtIsland>. The hash is computed and embedded client-side but never validated server-side, so the same path can return materially different responses depending on the query. This issue has been patched in versions 3.21.6 and 4.4.6.
References
| Link | Resource |
|---|---|
| https://github.com/nuxt/nuxt/pull/35077 | Issue Tracking |
| https://github.com/nuxt/nuxt/security/advisories/GHSA-g8wj-3cr3-6w7v | Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Jun 2026, 18:09
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:* cpe:2.3:a:nuxt:nuxt\/nitro-server:*:*:*:*:*:node.js:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| First Time |
Nuxt nuxt\/nitro-server
Nuxt Nuxt nuxt |
|
| References | () https://github.com/nuxt/nuxt/pull/35077 - Issue Tracking | |
| References | () https://github.com/nuxt/nuxt/security/advisories/GHSA-g8wj-3cr3-6w7v - Mitigation, Patch, Vendor Advisory |
12 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-12 14:16
Updated : 2026-06-15 18:09
NVD link : CVE-2026-46342
Mitre link : CVE-2026-46342
CVE.ORG link : CVE-2026-46342
JSON object : View
Products Affected
nuxt
- nuxt
- nuxt\/nitro-server