CVE-2026-53721

UNKNOWN 0.0

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

7th

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4.7.

CWE	CWE-178 CWE-863
Vendor	nuxt
Product	nuxt
Published	Jun 12, 2026

Stay Ahead of the Next One

Get instant alerts for nuxt nuxt

Be the first to know when new unknown vulnerabilities affecting nuxt nuxt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

nuxt / nuxt

>= 3.11.0, < 3.21.7 >= 4.0.0, < 4.4.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/nuxt/nuxt/security/advisories/GHSA-mm7m-92g8-7m47 github.com: https://github.com/nuxt/nuxt/commit/07e39cd6f26e407b4192b7865bd17bc44536b9bb github.com: https://github.com/nuxt/nuxt/commit/3f3e3fa7b5eec8e495f4f8ce0a54813a8875a11e