CVE-2026-45669

Source
https://cve.org/CVERecord?id=CVE-2026-45669
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45669.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45669
Aliases
Published
2026-06-12T12:51:42.640Z
Modified
2026-07-08T08:05:17.236036304Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Nuxt: Reflected XSS in `navigateTo()` external redirect
Details

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redirect body containing a <meta http-equiv="refresh"> tag. The destination URL is only sanitized by replacing " with %22, leaving <, >, &, and ' unencoded. An attacker who can influence the URL passed to navigateTo(url, { external: true }) can break out of the content="…" attribute and inject arbitrary HTML/JavaScript that executes under the application's origin. This issue has been patched in versions 3.21.6 and 4.4.6.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45669.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-83"
    ]
}
References

Affected packages

Git / github.com/nuxt/nuxt

Affected ranges

Type
GIT
Repo
https://github.com/nuxt/nuxt
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.4.3"
        },
        {
            "fixed": "3.21.6"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.4.6"
        }
    ]
}

Affected versions

v3.*
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.11.0
v3.11.1
v3.11.2
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.12.4
v3.13.0
v3.13.1
v3.13.2
v3.14.0
v3.14.159
v3.14.1592
v3.15.0
v3.15.1
v3.15.2
v3.15.3
v3.15.4
v3.16.0
v3.16.1
v3.16.2
v3.17.0
v3.17.1
v3.17.2
v3.17.3
v3.17.4
v3.17.5
v3.17.6
v3.17.7
v3.18.0
v3.18.1
v3.19.0
v3.19.1
v3.19.2
v3.19.3
v3.20.0
v3.20.1
v3.20.2
v3.21.0
v3.21.1
v3.21.2
v3.21.3
v3.21.4
v3.21.5
v3.4.3
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.8.0
v3.8.1
v3.8.2
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.3.0
v4.3.1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45669.json"