CVE-2026-34404— Nuxt OG Image vulnerable to DoS via image generation

EPSS 0.06% · P19 Updated Apr 02, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-34404

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Nuxt OG Image vulnerable to DoS via image generation

Source: NVD (National Vulnerability Database)

Vulnerability Description

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

未加控制的资源消耗(资源穷尽)

Source: NVD (National Vulnerability Database)

Vulnerability Title

nuxt-og-image 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

nuxt-og-image是Nuxt Modules开源的一个为Nuxt应用生成社交媒体预览图的工具。 nuxt-og-image 6.2.5之前版本存在资源管理错误漏洞，该漏洞源于图像生成组件对宽度和高度参数无限制，可能导致拒绝服务攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
nuxt-modules	og-image	< 6.2.5	-

II. Public POCs for CVE-2026-34404

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-34404

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: og-image

CVE-2026-34405
Nuxt OG Image vulnerable to reflected XSS via query paramete

Same vendor: nuxt-modules

Same weakness: CWE-400

V. Comments for CVE-2026-34404

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-34404— Nuxt OG Image vulnerable to DoS via image generation

I. Basic Information for CVE-2026-34404

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-34404

III. Intelligence Information for CVE-2026-34404

IV. Related Vulnerabilities

V. Comments for CVE-2026-34404

Leave a comment