CVE-2026-34404

Nuxt OG Image vulnerable to DoS via image generation

Description

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.

INFO

Published Date :

2026-03-31T21:16:07.824Z

Last Modified :

2026-04-01T13:37:28.025Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-34404 vulnerability.

Vendors	Products
Nuxt-modules	Og-image

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34404.

URL	Resource
https://github.com/nuxt-modules/og-image/security/advisories/GHSA-c7xp-q6q8-hg76

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability