CVE-2026-34404
Nuxt OG Image vulnerable to DoS via image generation
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.
| CWE | CWE-400 |
| Vendor | nuxt-modules |
| Product | og-image |
| Published | Mar 31, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for nuxt-modules og-image
Be the first to know when new unknown vulnerabilities affecting nuxt-modules og-image are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
nuxt-modules / og-image
< 6.2.5