GHSA-534h-c3cw-v3h9

Updated on 16 Jun 2026

Severity: Medium (CVSS score 5.5)

Impact

When running nuxt dev on Linux (Node.js 20+, outside Docker / StackBlitz), Nuxt’s internal vite-node IPC server binds to a Linux abstract-namespace Unix socket (\0nuxt-vite-node-<pid>-<ts>.sock). Abstract sockets have no filesystem inode and therefore no permission bits: any local UID on the host that can read /proc/net/unix can enumerate the socket and connect to it.

The IPC server does not perform any peer-credential or shared-secret check before dispatching requests. The module request type passes its moduleId field straight into Vite’s SSR fetchModule(), which is not gated by Vite’s HTTP-layer server.fs.allow deny-list. A co-resident unprivileged local user can therefore request paths like /home/<dev>/project/.env?raw or ~/.ssh/id_rsa?raw and read the developer’s secrets through the dev server’s SSR plugin pipeline. The resolve request type additionally enables filesystem probing.

This affects developers running nuxt dev on shared multi-tenant Linux hosts (lab machines, shared bastions, CI runners shared between jobs without per-job container isolation). It does not affect:

  • Production builds (nuxt build / nuxt start). The IPC server only runs in development.
  • macOS or Windows developers.
  • Docker / StackBlitz environments, which already fall back to a filesystem socket.
  • Single-user laptops or per-job containerised CI.

Patches

Fixed in [email protected] (commit 1f9f4767) and backported to [email protected] (commit c293bf95).

The fix removes the abstract-namespace branch entirely. The IPC server now always binds to a filesystem Unix socket under the OS temp directory and explicitly chmods it to 0600 after listen(), restricting connections to the owning UID. If the chmod fails for any reason, the server closes rather than serving requests on an unrestricted channel.

Workarounds

If you cannot upgrade immediately on an affected host:

  • Run nuxt dev inside a container or VM with no other tenants. Docker already triggers the filesystem-socket fallback in vulnerable versions and that fallback is unaffected.
  • Bind the dev process to a single-user namespace (unshare -U, rootless containers).
  • Restrict /proc/net/unix visibility via hidepid=2 mount options where applicable, though this is partial mitigation only.

References

  • Affected file: packages/vite/src/plugins/vite-node.ts
  • CWE-276: Incorrect Default Permissions

Credit

Reported by Anthropic / Claude as part of Anthropic’s coordinated vulnerability disclosure programme, reference ANT-2026-MSNKZFAT. Thanks to the Anthropic security team for the report and the detailed reproduction.

Independently reported by @alcls01111 via GitHub’s coordinated disclosure flow (GHSA-5gvc-46gq-948j), closed as a duplicate of this advisory.

Details

Affected product:
nuxt
Affected packages:
nuxt-kit @ 4.0.3 (+6 more)