Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket...

6.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit the unprotected module request handler to read arbitrary files such as .env and SSH keys through the SSR plugin pipeline. Production builds are unaffected, as the IPC server runs only in development.

Basic Information

ID CVE-2026-56301

Source VulnCheck

Published Jun 23, 2026 at 12:13

Affected Product

Vendor Nuxt

Product Nuxt

Version 4.0.0

Affected Versions Nuxt Nuxt 4.0.0
Nuxt Nuxt 3.18.0

CWE Classification

CWE-276

References

{
    "lastseen": "",
    "description": "Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit the unprotected module request handler to read arbitrary files such as .env and SSH keys through the SSR plugin pipeline. Production builds are unaffected, as the IPC server runs only in development.",
    "published": "2026-06-23T12:13:02.034Z",
    "modified": "2026-06-23T12:13:02.034Z",
    "type": "cve",
    "title": "Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux",
    "source": "VulnCheck",
    "references": "https://github.com/nuxt/nuxt/security/advisories/GHSA-534h-c3cw-v3h9\nhttps://github.com/nuxt/nuxt/commit/1f9f4767a8725104da9bee872bb8d35246f25ae5\nhttps://github.com/nuxt/nuxt/commit/c293bf9503ccb3bc9559bff4a1f592f99063c9ea\nhttps://www.vulncheck.com/advisories/nuxt-arbitrary-file-read-via-world-connectable-vite-node-ipc-socket-on-linux",
    "id": "CVE-2026-56301",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "Nuxt Nuxt 4.0.0\nNuxt Nuxt 3.18.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Nuxt",
    "version": "4.0.0",
    "vendor": "Nuxt",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux_CVE-2026-56301