CVE-2026-34405

MEDIUM NVD

CVSS Score 6.1

Severity MEDIUM

Published Mar 31, 2026

Vendor unknown

Description

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in version 6.2.5.

References

https://github.com/nuxt-modules/og-image/security/advisories/GHSA-mg36-wvcr-m75h