Low severity3.7GHSA Advisory· Published May 14, 2026· Updated May 15, 2026
CVE-2026-44589
CVE-2026-44589
Description
Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in nuxt-og-image@6.2.5 to remediate GHSA-pqhr-mp3f-hrpp (Dmitry Prokhorov / Positive Technologies, March 2026) is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validation. This vulnerability is fixed in 6.4.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nuxt-og-imagenpm | >= 6.2.5, < 6.4.9 | 6.4.9 |
Affected products
1- Range: >= 6.2.5, < 6.4.9
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.