Middleware Bypass Vulnerability in Nuxt Web Development Framework
CVE-2026-53721

8.8HIGH

Key Information:

Vendor

Nuxt

Status
Vendor
CVE Published:
12 June 2026

What is CVE-2026-53721?

A middleware bypass vulnerability has been identified in the Nuxt web development framework due to a case-sensitivity mismatch between vue-router and the routeRules matcher. This flaw affects numerous versions of Nuxt, allowing potential attackers to exploit route rules inappropriately. The issue has been addressed and patched in versions 3.21.7 and 4.4.7. It's crucial for all users of compromised versions to upgrade to secure versions to mitigate any risks associated with this vulnerability.

Affected Version(s)

nuxt >= 3.11.0, < 3.21.7 < 3.11.0, 3.21.7

nuxt >= 4.0.0, < 4.4.7 < 4.0.0, 4.4.7

References

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.