CVE-2026-56326
Open Redirect in Nuxt.js via Path Normalization

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: VulnCheck

Description
Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to redirect users to attacker-controlled sites via the Location header or meta-refresh, enabling phishing and OAuth authorization-code theft.
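The description above comes down to an ordering bug: the redirect target is checked for an external host before the path is normalized, so a payload such as /..//evil.com passes the check and only afterwards collapses to //evil.com, a protocol-relative URL that the browser follows to evil.com. The following JavaScript is an added example, not Nuxt's code or the fixed navigateTo implementation. It assumes a trusted application origin (the constructed value https://app.example) and uses its own simplified normalizePath stand-in for whatever normalization the server applies before emitting the Location header. It contrasts a check that inspects the raw input with one that validates the exact string that will be emitted, resolved against the trusted origin with the WHATWG URL parser.

```javascript
// Added example (not Nuxt's code): why validating a redirect target before
// path normalization is unsafe, and a check that holds after normalization.
const APP_ORIGIN = 'https://app.example'; // assumed application origin (constructed)

// Assumed, simplified path normalizer standing in for whatever the server
// applies before emitting the Location header. It is not Nuxt's own.
// Resolves "." and ".." segments but keeps empty segments, so
// "/..//evil.com" and "/.//evil.com" both become "//evil.com".
function normalizePath(path) {
  const out = [];
  for (const seg of path.split('/').slice(1)) {
    if (seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Weak check: inspects the raw input, after which the framework normalizes it.
// "/..//evil.com" passes (no "//" prefix, no scheme) but normalizes to
// "//evil.com", which browsers treat as protocol-relative, i.e. evil.com.
function weakIsInternal(target) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(target)) return false; // absolute URL
  if (target.startsWith('//')) return false;              // protocol-relative
  return true;
}

// Hardened check: validate the string that will actually be emitted.
// Normalize first, require a single leading slash, then resolve against the
// trusted origin and compare origins. The origin comparison also catches
// backslash variants such as "/\evil.com", which the WHATWG parser treats
// as "//evil.com" for https URLs.
function safeIsInternal(target) {
  const emitted = normalizePath(target);
  if (!emitted.startsWith('/') || emitted.startsWith('//')) return false;
  let resolved;
  try {
    resolved = new URL(emitted, APP_ORIGIN);
  } catch {
    return false;
  }
  return resolved.origin === APP_ORIGIN;
}

// Constructed sample targets: the two payload shapes named in the advisory,
// a plain protocol-relative URL, a backslash variant, an absolute URL and a
// legitimate internal path.
const SAMPLE_TARGETS = [
  '/..//evil.com',
  '/.//evil.com',
  '//evil.com',
  '/\\evil.com',
  'https://evil.com',
  '/dashboard?tab=1',
];

// Returns, per target, what each check decides and what would be emitted.
function compareChecks(targets = SAMPLE_TARGETS) {
  return targets.map((t) => ({
    target: t,
    emitted: normalizePath(t),
    weak: weakIsInternal(t),
    safe: safeIsInternal(t),
  }));
}

for (const row of compareChecks()) console.log(row);
```

Running the block shows the weak check accepting both advisory payloads while the emitted Location would be //evil.com; the hardened check rejects them and every other external shape, and still accepts the ordinary internal path. The general rule the example illustrates is to validate the final, normalized redirect string and to compare the resolved origin rather than to pattern-match the raw input.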
CVSS Scores: none listed
EPSS Scores: not evaluated (N/A)
Generated: 2026-06-23
Affected Vendors & Products (2 associated CPEs)

Vendor   Product   Version / Range
nuxt     nuxt      up to 4.4.7 (excluding)
nuxt     nuxt      up to 3.21.7 (excluding)
CWE
CWE-601: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Executive Summary

This vulnerability exists in Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7. It is a server-side open redirect issue in the navigateTo function, which fails to properly validate certain path-normalized payloads such as /..//evil.com and /.//evil.com.

Attackers can exploit this flaw by bypassing external-host checks using path-normalization techniques, allowing them to redirect users to attacker-controlled websites via the Location header or meta-refresh.

This can be used to facilitate phishing attacks and theft of OAuth authorization codes.

Impact Analysis

The vulnerability can affect your deployment by letting attackers redirect your users to malicious websites through a redirect target that is not properly validated.

This can lead to phishing attacks where users are tricked into providing sensitive information.

Additionally, attackers can steal OAuth authorization codes, potentially compromising user accounts and access.
