Server-Side Open Redirect Vulnerability in Nuxt by Nuxt.js
CVE-2026-56326

5.3MEDIUM

Key Information:

Vendor

Nuxt

Status
Nuxt
Vendor
CVE Published:
22 June 2026

What is CVE-2026-56326?

Nuxt versions prior to 4.4.7 and 3.21.7 are susceptible to a server-side open redirect vulnerability in the navigateTo function. This issue arises from inadequate validation of path-normalized payloads, allowing attackers to manipulate redirect paths through constructs such as /..//evil.com and /.//evil.com. By exploiting this vulnerability, attackers can bypass external-host checks and redirect users to malicious sites via the Location header or meta-refresh tactics, potentially leading to phishing attacks and unauthorized access to OAuth authorization codes.

Affected Version(s)

Nuxt 4.0.0 < 4.4.7

Nuxt 0 < 3.21.7

Nuxt 4.4.7

References

https://github.com/nuxt/nuxt/security/advisories/GHSA-c9c...
vendor-advisory
https://github.com/nuxt/nuxt/commit/2cce6fb02e621196d56df...
patch
https://github.com/nuxt/nuxt/commit/1f2dd5e78c77576437138...
patch

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

alcls01111
.