CVE-2026-34404

HIGH WAF: Medium

CVSS 7.5 Published: 2026-03-31

CWE-400

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.

WAF Coverage Analysis

Uncontrolled Resource Consumption Medium WAF Coverage

OWASP: A05:2021 Security Misconfiguration

912xxx - DOS Protection

Affected Software

Vendor	Product	Version
nuxt	og_image	up to 6.2.5

References

github.com (Vendor Advisory)

Back to CVE Database