CVE-2026-56326
medium
CVSS v3
6.1
CVSS v4 NEW
5.3
VIR risk
6.1
Description
Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`
Predictions
Exploit likelihood
71%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://github.com/nuxt/nuxt/commit/1f2dd5e78c77576437138e97671965573c232835
- https://github.com/nuxt/nuxt/commit/2cce6fb02e621196d56df92e05594e07469b5a6d
- https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3
- https://www.vulncheck.com/advisories/nuxt-server-side-open-redirect-via-path-normalization-bypass-in-navigateto
- https://github.com/nuxt/nuxt/pull/35115
- https://github.com/nuxt/nuxt/pull/35206
- https://github.com/nuxt/nuxt/commit/3394716d4a913cba904b028df5338f2aead50032
- https://github.com/nuxt/nuxt/commit/62fc32eddf648b00a3890141e0235d2a222b024d
- https://github.com/nuxt/nuxt/commit/6497d99dd106254abd089f6a263d7773869a343b
- https://github.com/nuxt/nuxt/commit/e447a793c47766834f7497f8412a76cd56fd8ee1
- https://github.com/nuxt/nuxt
CWEs
CWE-601
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.