CVE-2026-56301
Undergoing Analysis - In Progress
Nuxt Development Server Local File Read via Unprotected IPC Socket

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: VulnCheck

Description
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit the unprotected module request handler to read arbitrary files such as .env and SSH keys through the SSR plugin pipeline. Production builds are unaffected, as the IPC server runs only in development.
Affected Vendors & Products
Showing 4 associated CPEs
Vendor   Product   Version / Range
nuxt     nuxt      to 4.4.7 (exc)
nuxt     nuxt      to 3.21.7 (exc)
nuxt     nuxt      From 4.0.0 (inc) to 4.4.6 (inc)
nuxt     nuxt      From 3.18.0 (inc) to 3.21.6 (inc)
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Executive Summary

CVE-2026-56301 is a security vulnerability in the Nuxt development server (nuxt dev) on Linux systems. When running the development server, the vite-node IPC server binds to an abstract-namespace Unix socket without proper permission restrictions. This allows any local unprivileged user on the same Linux host to enumerate and connect to the socket.

Because the IPC server does not verify peer credentials or use shared secrets before processing requests, an attacker can exploit the unprotected module request handler to read arbitrary files such as .env files and SSH private keys through the server-side rendering (SSR) plugin pipeline.

This vulnerability affects Nuxt versions 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, and only impacts the development server on Linux. Production builds and other environments like Docker or Windows/macOS are not affected.

Impact Analysis

The primary impact of this vulnerability is a high confidentiality loss due to unauthorized local users being able to read sensitive files on the development machine.

  • Local unprivileged users can connect to the IPC socket and read arbitrary files such as environment configuration files (.env) and SSH private keys.
  • This can lead to exposure of secrets, credentials, and other sensitive information stored in these files.
  • The vulnerability requires local access to the Linux host and affects only development environments, not production.

Environments with shared multi-tenant Linux hosts, such as lab machines, shared bastions, or CI runners without container isolation, are particularly at risk.

Detection Guidance

To detect this vulnerability on a Linux system running the Nuxt development server (nuxt dev), check whether the vite-node IPC server is bound to an abstract-namespace Unix socket without permission restrictions.

You can inspect the Unix sockets currently active on your system by examining the contents of /proc/net/unix to identify any abstract-namespace sockets related to Nuxt's vite-node IPC server.

  • Run the command: cat /proc/net/unix | grep vite-node
  • Check the permissions of the socket if it is a filesystem socket (after patch): ls -l /tmp/nuxt-*/*.sock

If the socket is bound to an abstract namespace (indicated by a '@' prefix in the socket name in /proc/net/unix) and lacks permission restrictions, the system is vulnerable.
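
The two checks above can be combined into one audit script. This is an added example, not code from Nuxt or from this advisory; the socket names in the sample are constructed, and the "vite-node" match string is the one used in the grep command above.

```sh
#!/bin/sh
# Added example. Socket names in the sample are constructed, not real Nuxt names.
# Note: /proc/net/unix lists only sockets in the reader's network namespace.

sample_proc_net_unix() {   # constructed /proc/net/unix content
cat <<'EOF'
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 41001 @nuxt-vite-node-1234.sock
0000000000000000: 00000002 00000000 00010000 0001 01 41002 /tmp/nuxt-abc/vite-node.sock
0000000000000000: 00000003 00000000 00000000 0001 03 41003 @/tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 41004
EOF
}

# stdin: /proc/net/unix text. stdout: "<kind> <inode> <name>" per matching socket.
classify_sockets() {
    awk -v pat="${1:-vite-node}" '
        NR == 1 || NF < 8 { next }                 # header row, unnamed socket
        {
            path = $8
            for (i = 9; i <= NF; i++) path = path " " $i   # names may contain spaces
            if (index(path, pat) == 0) next
            kind = (substr(path, 1, 1) == "@") ? "abstract" : "filesystem"
            print kind, $7, path
        }'
}

# True only for a socket file whose mode is exactly 600 (the patched layout).
socket_mode_ok() {
    [ -S "$1" ] && [ "$(stat -c %a "$1")" = "600" ]
}

audit() {
    classify_sockets "$1" | while read -r kind inode path; do
        if [ "$kind" = abstract ]; then
            echo "EXPOSED inode=$inode $path (abstract namespace: no file permissions apply)"
        elif socket_mode_ok "$path"; then
            echo "OK inode=$inode $path (mode 600)"
        else
            echo "CHECK inode=$inode $path (not a socket, or mode is not 600)"
        fi
    done
}

sample_proc_net_unix | audit vite-node      # on a live host: audit vite-node < /proc/net/unix
```

The inode printed for each match can be compared against the socket:[inode] links under /proc/<pid>/fd to identify the owning nuxt dev process.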

Additionally, you can attempt to connect to the socket locally and send module requests to see if arbitrary file reads are possible, such as requesting sensitive files like .env or SSH keys.

Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade Nuxt to version 4.4.7 or later, or 3.21.7 or later, where the IPC server binds to a filesystem Unix socket with restricted permissions (chmod 0600).

If upgrading is not immediately possible, consider the following temporary workarounds:

  • Run the Nuxt development server inside a container or virtual machine to isolate the IPC socket.
  • Use a single-user namespace with the command: unshare -U to restrict socket visibility.
  • Restrict visibility of /proc/net/unix by mounting the proc filesystem with the hidepid=2 option to prevent other local users from enumerating sockets.

These mitigations reduce the risk of unauthorized local users connecting to the IPC socket and reading sensitive files.

Compliance Impact

This vulnerability allows local unprivileged users on Linux systems running the Nuxt development server to read arbitrary sensitive files such as .env files and SSH keys. Such unauthorized access to sensitive data can lead to confidentiality breaches.

Since the vulnerability results in high confidentiality loss due to unauthorized file access, it can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive and personal data from unauthorized access.

The issue primarily affects development environments on shared multi-tenant Linux hosts, where multiple users have local access. Production environments are not affected.
