These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-53722 is a reflected DOM-based cross-site scripting vulnerability in the Nuxt open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, the `<NuxtLink>` component did not validate the URL scheme of values bound to its `to` or `href` props before rendering them into the `href` attribute of the underlying `<a>` element. This allows an attacker to supply a javascript: or vbscript: [truncated]
CVE-2026-53721 is a HIGH severity vulnerability in Nuxt, a Vue.js web development framework. Versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7 are affected by a route-rule middleware bypass due to a case-sensitivity mismatch between vue-router and the routeRules matcher. This vulnerability was patched in versions 3.21.7 and 4.4.7.
CVE-2026-49993 is a MEDIUM severity vulnerability in @nuxt/rspack-builder and @nuxt/webpack-builder. An incomplete fix for GHSA-6m52-m754-pw2g allows source code to be stolen during development when the dev server is bound to a non-loopback address and a malicious site is opened on the same network.
CVE-2026-47200 is a vulnerability in Nuxt, an open-source web development framework for Vue.js. In versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when `experimental.componentIslands` is enabled (default in Nuxt 4), any `.server.vue` file under `pages/` is automatically registered as a server island under the key `page_<routeName>` and exposed via the `/__nuxt_island/:name` endpoint. Until this fix [truncated]
CVE-2026-46342 is a vulnerability in Nuxt, an open-source web development framework for Vue.js. The vulnerability affects Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, as well as @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6. The `/__nuxt_island/*` endpoint accepts attacker-controlled `props` query/body parameters and renders any island compone [truncated]
A vulnerability was found in @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6. This issue is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during development when using the webpack / rspack builder if the development server is bound to a non-loopback address (e.g., `nuxt dev --host`) and the developer opens a maliciou [truncated]
CVE-2026-45669 is a vulnerability in the Nuxt open-source web development framework for Vue.js. Versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 are affected. The `navigateTo()` function with `external: true` generates a server-side HTML redirect body containing a `<meta http-equiv='refresh'>` tag. The destination URL is only sanitized by replacing `"` with `%22`, leaving `<`, `>`, `&`, and `'` unencoded. [truncated]