PatchSiren cyber security CVE debrief
CVE-2026-53721 nuxt CVE debrief
CVE-2026-53721 is a HIGH severity vulnerability in Nuxt, a Vue.js web development framework. Versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7 are affected by a route-rule middleware bypass due to a case-sensitivity mismatch between vue-router and the routeRules matcher. This vulnerability was patched in versions 3.21.7 and 4.4.7.
- Vendor
- nuxt
- Product
- Unknown
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Developers and administrators using Nuxt versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7 should be aware of this vulnerability and take steps to upgrade to a patched version.
Technical summary
The vulnerability is caused by a case-sensitivity mismatch between vue-router and the routeRules matcher in Nuxt. This allows for a route-rule middleware bypass, potentially leading to unauthorized access or other security issues.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Nuxt version 3.21.7 or later
- Upgrade to Nuxt version 4.4.7 or later
Evidence notes
CVE-2026-53721 has a CVSS score of 8.8 and is classified as HIGH severity. The vulnerability was published on 2026-06-12T15:16:31.297Z and last modified on 2026-06-12T16:01:25.477Z.
Official resources
CVE-2026-53721 was published on 2026-06-12T15:16:31.297Z and last modified on 2026-06-12T16:01:25.477Z.