
CVE-2026-45669

Published 12/06/2026 16:16 · Modified 12/06/2026 16:01 · Author: The MITRE Corporation


Essential information

Published: 12/06/2026 16:16
Modified: 12/06/2026 16:01
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 5.4 MEDIUM (v3.1), 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: CWE-83
EPSS (First): P18.8% (EPSS percentile), score 0.00059
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redirect body containing a <meta http-equiv="refresh"> tag. The destination URL is only sanitized by replacing " with %22, leaving <, >, &, and ' unencoded. An attacker who can influence the URL passed to navigateTo(url, { external: true }) can break out of the content="…" attribute and inject arbitrary HTML/JavaScript that executes under the application's origin. This issue has been patched in versions 3.21.6 and 4.4.6.
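
The encoding gap described above, as an added example that is not Nuxt's code or its patch: weakRedirectBody reconstructs the quote-only replacement from the description, and safeRedirectBody shows one way an application could validate and HTML-escape a redirect target before placing it in the attribute. All function names and the sample URL are constructed for illustration.

```javascript
// Added illustration; names and sample data are constructed, not taken from Nuxt.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function metaRefreshPage(attributeValue) {
  return '<!DOCTYPE html><html><head>' +
    `<meta http-equiv="refresh" content="0; url=${attributeValue}">` +
    '</head></html>';
}

// Behaviour the description reports: only " is replaced (with %22);
// <, >, & and ' reach the HTML body unchanged.
function weakRedirectBody(url) {
  return metaRefreshPage(url.replace(/"/g, '%22'));
}

// Hardened variant (assumption: only absolute http/https targets are wanted).
function safeRedirectBody(url, allowedProtocols = ['http:', 'https:']) {
  let parsed;
  try {
    parsed = new URL(url); // rejects relative or malformed input
  } catch {
    throw new TypeError('redirect target must be an absolute URL');
  }
  if (!allowedProtocols.includes(parsed.protocol)) {
    throw new TypeError(`protocol ${parsed.protocol} is not allowed`);
  }
  // URL serialisation is not HTML escaping: escape every character that is
  // significant in an attribute value. The browser decodes the entities
  // again before it follows the refresh.
  const escaped = parsed.href.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
  return metaRefreshPage(escaped);
}

// Review/test helper: true when the url= value still carries raw <, > or '
// (or when the attribute cannot be found at all).
function hasRawMarkupChars(body) {
  const m = body.match(/content="0; url=([^"]*)"/);
  return m === null || /[<>']/.test(m[1]);
}

// Constructed sample input carrying the characters the description lists.
const SAMPLE_URL = "https://example.test/path?q=<b>&y=1#frag'x";

console.log(hasRawMarkupChars(weakRedirectBody(SAMPLE_URL))); // true
console.log(hasRawMarkupChars(safeRedirectBody(SAMPLE_URL))); // false
```

hasRawMarkupChars can double as a regression check on whatever function an application uses to render redirect bodies.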

NVD status

Status: Undergoing Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product        CPE
nuxt / nuxt    cpe:2.3:a:nuxt:nuxt:3.4.3-3.21.6:*:*:*:*:*:*:*
nuxt / nuxt    cpe:2.3:a:nuxt:nuxt:4.0.0-alpha.1-4.4.6:*:*:*:*:*:*:*

References