CVE-2026-34404 MEDIUM

CVE-2026-34404: Nuxt OG Image vulnerable to DoS via image generation

Vendor Nuxt-Modules

Product og-image

Weakness CWE-400

Published March 31, 2026

Last update April 1, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.

Key dates

02Disclosure timeline

March 31, 2026 CVE published

April 1, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-34404 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

CVE-2026-34404: Nuxt OG Image vulnerable to DoS via image generation

01Description

02Disclosure timeline

03References

04Related CVE