Local File Read Vulnerability in Nuxt Development Server
CVE-2026-56301

6.8 MEDIUM

Key Information:

Vendor: Nuxt

Status
Vendor
CVE Published: 23 June 2026

What is CVE-2026-56301?

In specific versions of Nuxt, running the development server on Linux allows unprivileged local users to connect to the unprotected vite-node IPC server. This can lead to arbitrary file read, permitting unauthorized access to sensitive files such as environment variables and SSH keys. The issue is limited to development mode, as the IPC server is not exposed in production builds.

Affected Version(s)

Nuxt 4.0.0 < 4.4.7

Nuxt 3.18.0 < 3.21.7

Nuxt 4.4.7

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

alcls01111