CVE intelligence and bounded remediation

CVE-2026-46342 — Nuxt is an open-source web development framework for Vue.js

Medium CVSS 5.4

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /__nuxt_island/* endpoint accepts attacker-controlled props query/body parameters and renders any island component without verifying that the URL-resident hash (<Name>_<hashId>.json) was actually issued for those inputs by <NuxtIsland>. The hash is computed and embedded client-side but never validated server-side, so the same path can return materially different responses depending on the query. This issue has been patched in versions 3.21.6 and 4.4.6.

Severity
Medium
CVSS
5.4 (3.1)
Published
2026-06-12
CISA KEV
Not currently listed
Ecosystem
software/application
Weaknesses
CWE-79, CWE-349, CWE-444

Affected products

  • nuxt / nuxt
  • nuxt / nuxt/nitro-server

Showing 2 representative product identities from 4 source matches. Confirm exact affected versions with the linked vendor and NVD evidence.

Matched remediation archetype

HTTP request smuggling and message-boundary ambiguity

This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.

Check exposure

  • Inventory every proxy, CDN, gateway, load balancer, service mesh, and application server hop on affected request paths.
  • Compare documented parsing and normalization behavior for message length, transfer coding, duplicate headers, and protocol translation.
  • Identify connection reuse and which downstream services trust headers added by intermediaries.

Remediate safely

  • Update affected intermediaries and origin servers and align them on a single standards-compliant request framing policy.
  • Reject ambiguous length, transfer-coding, duplicate, malformed, and unsupported framing before forwarding.
  • Normalize or remove hop-by-hop and identity headers at one controlled boundary and add multi-hop regression tests.

Authoritative sources

Complete CVE record and remediation plan

The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.