CVE-2026-56301

Source
https://cve.org/CVERecord?id=CVE-2026-56301
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56301.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56301
Aliases
Published
2026-06-23T12:13:02.034Z
Modified
2026-07-08T08:13:50.485226011Z
Severity
  • 6.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux
Details

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit the unprotected module request handler to read arbitrary files such as .env and SSH keys through the SSR plugin pipeline. Production builds are unaffected, as the IPC server runs only in development.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56301.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-276"
    ]
}
References

Affected packages

Git / github.com/nuxt/nuxt

Affected ranges

Type
GIT
Repo
https://github.com/nuxt/nuxt
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:nuxt:nuxt:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.18.0"
        },
        {
            "fixed": "3.21.7"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.4.7"
        }
    ]
}

Affected versions

v3.*
v3.18.0
v3.18.1
v3.19.0
v3.19.1
v3.19.2
v3.19.3
v3.20.0
v3.20.1
v3.20.2
v3.21.0
v3.21.1
v3.21.2
v3.21.3
v3.21.4
v3.21.5
v3.21.6
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.2.1
v4.2.2
v4.3.0
v4.3.1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56301.json"