Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-56697
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-22 Jun, 2026 | 21:04
Updated At-23 Jun, 2026 | 13:51
Rejected At-
▼CVE Numbering Authority (CNA)
Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-origin URL against the current page protocol. Attackers can inject paths like //evil.com to redirect users to attacker-controlled hosts, enabling phishing and OAuth authorization-code theft.

Affected Products
Vendor
Nuxt
Product
Nuxt
Default Status
unaffected
Versions
Affected
  • From 4.0.0 before 4.4.7 (semver)
Unaffected
  • 4.4.7 (semver)
Vendor
Nuxt
Product
Nuxt
Default Status
unaffected
Versions
Affected
  • From 0 before 3.21.7 (semver)
Unaffected
  • 3.21.7 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-601URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
alcls01111
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3
vendor-advisory
https://github.com/nuxt/nuxt/commit/e447a793c47766834f7497f8412a76cd56fd8ee1
patch
https://github.com/nuxt/nuxt/commit/6497d99dd106254abd089f6a263d7773869a343b
patch
https://www.vulncheck.com/advisories/nuxt-open-redirect-via-protocol-relative-paths-in-reloadnuxtapp
third-party-advisory
Hyperlink: https://github.com/nuxt/nuxt/security/advisories/GHSA-c9cv-mq2m-ppp3
Resource:
vendor-advisory
Hyperlink: https://github.com/nuxt/nuxt/commit/e447a793c47766834f7497f8412a76cd56fd8ee1
Resource:
patch
Hyperlink: https://github.com/nuxt/nuxt/commit/6497d99dd106254abd089f6a263d7773869a343b
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/nuxt-open-redirect-via-protocol-relative-paths-in-reloadnuxtapp
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found