Moderate severity · NVD Advisory · Published Jun 22, 2026
Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo
CVE-2026-56326
Description
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft.
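To make the mechanism concrete from the defender's side, here is an added example (not Nuxt's own code and not the project's fix) showing why a "starts with a single slash" check is not enough and how a redirect target can be resolved safely. The app origin `https://app.example` and the function names are constructed for this illustration. The key point: after WHATWG URL normalization collapses the `.` and `..` segments, inputs such as `/..//evil.com` and `/.//evil.com` become the protocol-relative path `//evil.com`, so the check must run on the resolved URL and the emitted Location must carry the trusted origin.

```javascript
// Added example, not code from the Nuxt project. Demonstrates server-side
// validation of a redirect target against path-normalization tricks.
const APP_ORIGIN = 'https://app.example'; // constructed sample origin

// Naive check of the kind the advisory describes as bypassable:
// "starts with exactly one slash, so it must be an internal path".
function naiveLooksInternal(target) {
  return target.startsWith('/') && !target.startsWith('//') && !target.startsWith('/\\');
}

// The path as a browser sees it after "." and ".." segments are collapsed.
// This is the value that matters, not the raw string the server received.
function normalizedPath(target, origin = APP_ORIGIN) {
  const u = new URL(target, origin);
  return u.pathname + u.search + u.hash;
}

// Hardened resolver: resolve the target against the trusted origin, reject
// anything whose origin differs or whose normalized path is protocol-relative,
// and return an absolute URL so the Location header is never a bare "//host".
function resolveInternalRedirect(target, origin = APP_ORIGIN) {
  if (typeof target !== 'string' || target.length === 0) return null;
  // Backslashes and control characters are a classic parser-confusion source;
  // refuse them rather than reason about how every client treats them.
  if (/[\\\u0000-\u001f]/.test(target)) return null;
  let resolved;
  try {
    resolved = new URL(target, origin);
  } catch {
    return null; // unparseable input is not a valid redirect target
  }
  if (resolved.origin !== new URL(origin).origin) return null;
  // Even with a matching origin, a normalized path starting with "//" would be
  // interpreted as protocol-relative if it were ever emitted on its own.
  if (resolved.pathname.startsWith('//')) return null;
  return resolved.href;
}

// Constructed sample inputs: the two payload shapes named in the advisory,
// plus an absolute external URL and two legitimate internal paths.
const SAMPLE_TARGETS = [
  '/..//evil.com',
  '/.//evil.com',
  '//evil.com',
  'https://evil.com/login',
  '/dashboard?tab=1',
  '/a/../b',
];

for (const t of SAMPLE_TARGETS) {
  console.log(
    JSON.stringify(t).padEnd(26),
    'naive:', String(naiveLooksInternal(t)).padEnd(5),
    'normalized:', normalizedPath(t).padEnd(18),
    'hardened:', resolveInternalRedirect(t),
  );
}
```

The table printed by the loop shows the gap directly: the two normalization payloads pass the naive check but resolve to `//evil.com`, and the hardened resolver returns `null` for them while still accepting ordinary internal paths. Emitting `resolved.href` rather than the caller's string is what removes the protocol-relative interpretation from the Location header.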
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nuxt (npm) | >= 4.0.0, < 4.4.7 | 4.4.7 |
| nuxt (npm) | < 3.21.7 | 3.21.7 |
Affected products: 1
References
- https://github.com/nuxt/nuxt/commit/1f2dd5e78c77576437138e97671965573c232835 (GHSA, patch)
- https://github.com/nuxt/nuxt/commit/2cce6fb02e621196d56df92e05594e07469b5a6d (GHSA, patch)
- https://github.com/advisories/GHSA-c9cv-mq2m-ppp3 (GHSA advisory)
- https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3 (GHSA, vendor advisory)
- https://www.vulncheck.com/advisories/nuxt-server-side-open-redirect-via-path-normalization-bypass-in-navigateto (MITRE, third-party advisory)
- https://github.com/nuxt/nuxt/commit/3394716d4a913cba904b028df5338f2aead50032 (GHSA)
- https://github.com/nuxt/nuxt/commit/62fc32eddf648b00a3890141e0235d2a222b024d (GHSA)
- https://github.com/nuxt/nuxt/commit/6497d99dd106254abd089f6a263d7773869a343b (GHSA)
- https://github.com/nuxt/nuxt/commit/e447a793c47766834f7497f8412a76cd56fd8ee1 (GHSA)
- https://github.com/nuxt/nuxt/pull/35115 (GHSA)
- https://github.com/nuxt/nuxt/pull/35206 (GHSA)