GHSA-534h-c3cw-v3h9: Local Information Disclosure via Abstract-Namespace Socket in Nuxt Dev Server
Vulnerability ID: GHSA-534H-C3CW-V3H9
CVSS Score: 5.5
Published: 2026-06-16
A local security vulnerability in the Nuxt development server (nuxt dev) allows local unprivileged users to access sensitive configuration files and source code. On Linux environments running Node.js 20+, Nuxt bound its internal vite-node IPC server to an abstract-namespace Unix socket without any peer authentication, enabling co-resident local users to connect and request module code directly.
TL;DR
Nuxt dev server's use of abstract-namespace Unix sockets on Linux allowed unauthorized local users to connect to the internal IPC server and extract sensitive developer files (such as .env files) without authentication.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-276
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Exploit Status: Proof of Concept
Affected Systems
- Nuxt Development Framework
- nuxt: >= 4.0.0, < 4.4.7 (Fixed in: 4.4.7)
- nuxt: >= 3.18.0, < 3.21.7 (Fixed in: 3.21.7)
Mitigation Strategies
- Update the nuxt dependency in package.json to the latest secure release.
- Containerize the development environment using Docker or Podman to isolate Unix network namespaces.
- Configure host system process boundaries (e.g., hidepid mount options) to prevent unprivileged socket enumeration.
Remediation Steps:
- Run npm update nuxt or yarn upgrade nuxt to update the dependency to version 4.4.7+ or 3.21.7+.
- Verify your node modules contain the patched code in packages/vite/dist/index.mjs.
- Avoid running local dev environments on multi-tenant systems without strict containerization.
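To audit a shared Linux host for the kind of exposure described above, the following added example (not code from Nuxt or from the advisory) parses the kernel's /proc/net/unix table and reports Unix sockets that are both listening and in the abstract namespace. The function names and the sample rows are constructed for illustration; a listed socket is only a finding if its server does not authenticate peers.

```javascript
// Added example (not Nuxt code): list listening abstract-namespace Unix
// sockets from /proc/net/unix text. Abstract names are shown with a leading
// '@' and are not filesystem objects, so file permissions never gate connect().
const SO_ACCEPTCON = 0x10000; // Flags bit the kernel sets on listening sockets
const SOCK_TYPES = { 1: 'STREAM', 2: 'DGRAM', 5: 'SEQPACKET' };

// Columns: Num RefCount Protocol Flags Type St Inode [Path]
const ROW = /^\S+:\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)(?:\s(.*))?$/;

function parseProcNetUnix(text) {
  const rows = [];
  for (const line of text.split('\n')) {
    const m = ROW.exec(line.trimEnd());
    if (!m) continue; // header line or blank line
    const flags = parseInt(m[3], 16);
    const path = m[7] || ''; // unnamed sockets have no Path column
    rows.push({
      inode: Number(m[6]),
      type: SOCK_TYPES[parseInt(m[4], 16)] || 'UNKNOWN',
      listening: (flags & SO_ACCEPTCON) !== 0,
      abstract: path.startsWith('@'),
      path,
    });
  }
  return rows;
}

function listeningAbstractSockets(text) {
  return parseProcNetUnix(text).filter((r) => r.abstract && r.listening);
}

// Constructed sample input; the socket names are made up for illustration.
const SAMPLE = [
  'Num       RefCount Protocol Flags    Type St Inode Path',
  '0000000000000000: 00000002 00000000 00010000 0001 01 23456 @constructed-dev-ipc',
  '0000000000000000: 00000002 00000000 00010000 0001 01 23457 /run/user/1000/bus',
  '0000000000000000: 00000003 00000000 00000000 0001 03 23458 @constructed-connected',
  '0000000000000000: 00000003 00000000 00000000 0001 03 23459',
].join('\n');

console.log(listeningAbstractSockets(SAMPLE));

// Pass --live on a Linux host to audit the real table instead of the sample.
if (process.argv.includes('--live')) {
  import('node:fs')
    .then((fs) => console.table(listeningAbstractSockets(fs.readFileSync('/proc/net/unix', 'utf8'))))
    .catch((e) => console.error(e.message));
}
```

Run it with --live while nuxt dev is up, before and after upgrading, to compare which abstract-namespace listeners the dev host exposes.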