EXECUTIVE SUMMARY:
CVE-2026-53721 (CVSS score 8.8) is a route-rule middleware bypass vulnerability in the Nuxt web development framework for Vue.js, affecting versions . A case-sensitivity mismatch between vue-router and the `routeRules` matcher allows an attacker to bypass middleware authentication by changing the case of a static segment in a protected URL, for example `/admin/dashboard` to `/Admin/dashboard`. vue-router still resolves the page, but the `routeRules` entry that attaches the middleware no longer matches, so the attacker gains unauthorized access to protected pages, including any sensitive data rendered during server-side rendering. The attack vector is network-based and requires no privileges and no user interaction. The impact is high for confidentiality and may also result in incorrect authorization, particularly in applications that use `routeRules` with `appMiddleware` as their authorization gate. Exploitation requires that the application uses `routeRules.appMiddleware` and that routing is case-insensitive, which is the default for vue-router.
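The following is an added example, not code from Nuxt, vue-router or this advisory: a simplified model of the mismatch described above. A case-sensitive glob matcher stands in for the `routeRules` table and a case-insensitive lookup stands in for vue-router's default page resolution; both matchers, the `PAGES`/`RULES` tables and the `auth` middleware name are constructed for illustration and are assumptions about the real framework's internals. It contrasts a gate that looks up rules against the raw request path with one that looks them up against the canonical path the router resolved, and includes a small check a defender can use to flag case-only variants of a protected path in request logs.

```javascript
// Added example (not Nuxt's or vue-router's code): simplified model of the
// case-sensitivity mismatch between a page router and a routeRules matcher.

// Case-sensitive glob matcher modelling a routeRules table such as
// { '/admin/**': { appMiddleware: ['auth'] } }. Assumption: real matcher differs.
function globToRegExp(pattern, flags = '') {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, '\\$&')            // escape regex metacharacters
    .replace(/\*\*|\*/g, (m) => (m === '**' ? '.*' : '[^/]*')); // ** spans slashes, * does not
  return new RegExp('^' + escaped + '$', flags);
}

function matchRouteRules(rules, path, { caseSensitive = true } = {}) {
  const flags = caseSensitive ? '' : 'i';
  for (const [pattern, rule] of Object.entries(rules)) {
    if (globToRegExp(pattern, flags).test(path)) return rule;
  }
  return null;
}

// Case-insensitive page resolution modelling vue-router's default behaviour.
// Returns the canonical (as-registered) route path, or null if no page matches.
function resolvePage(pages, path) {
  const wanted = path.toLowerCase();
  return pages.find((p) => p.toLowerCase() === wanted) ?? null;
}

// Constructed sample application: one protected page, one public page.
const PAGES = ['/admin/dashboard', '/login'];
const RULES = { '/admin/**': { appMiddleware: ['auth'] } };

// Vulnerable gate: the page is resolved case-insensitively, but the rule lookup
// uses the raw request path, so '/Admin/dashboard' renders with no middleware.
function vulnerableGate(path) {
  const page = resolvePage(PAGES, path);
  if (!page) return { status: 404, page: null, middleware: [] };
  const rule = matchRouteRules(RULES, path);
  return { status: 200, page, middleware: rule?.appMiddleware ?? [] };
}

// Hardened gate: look up rules against the canonical path the router resolved,
// so both matchers agree on which route is being served.
function hardenedGate(path) {
  const page = resolvePage(PAGES, path);
  if (!page) return { status: 404, page: null, middleware: [] };
  const rule = matchRouteRules(RULES, page);
  return { status: 200, page, middleware: rule?.appMiddleware ?? [] };
}

// Detection helper: true when the requested path differs from the canonical
// route only by letter case, which is worth logging for protected routes.
function isCaseOnlyVariant(requestPath, pages) {
  const page = resolvePage(pages, requestPath);
  return page !== null && page !== requestPath;
}

// Stand-alone demonstration with constructed request paths.
for (const p of ['/admin/dashboard', '/Admin/dashboard', '/login']) {
  console.log(p, 'vulnerable:', JSON.stringify(vulnerableGate(p).middleware),
    'hardened:', JSON.stringify(hardenedGate(p).middleware),
    'case-only variant:', isCaseOnlyVariant(p, PAGES));
}
```

The hardened gate keys the rule lookup on the route the router actually resolved rather than on the raw request path; matching rules with the `i` flag (`matchRouteRules(RULES, path, { caseSensitive: false })`) is an alternative that gives the same result for this table, but it is only safe if every matcher in the pipeline is made case-insensitive together.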
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: