Middleware Bypass Vulnerability in Nuxt Web Development Framework
CVE-2026-53721
8.8HIGH
What is CVE-2026-53721?
A middleware bypass vulnerability has been identified in the Nuxt web development framework due to a case-sensitivity mismatch between vue-router and the routeRules matcher. This flaw affects numerous versions of Nuxt, allowing potential attackers to exploit route rules inappropriately. The issue has been addressed and patched in versions 3.21.7 and 4.4.7. It's crucial for all users of compromised versions to upgrade to secure versions to mitigate any risks associated with this vulnerability.
Affected Version(s)
nuxt >= 3.11.0, < 3.21.7 < 3.11.0, 3.21.7
nuxt >= 4.0.0, < 4.4.7 < 4.0.0, 4.4.7
