Package impact
npm / @nuxt/nitro-server
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46342 | low | — | 2.5 | 10d ago | Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning | |||
| CVE-2026-47200 | unknown | — | — | 5h ago | Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` |