[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-41248":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-25T12:20:59.409Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":37,"aliases":38,"duplicate_of":9,"upstream":39,"downstream":40,"duplicates":41,"related":42,"reserved_at":9,"published_at":43,"modified_at":43,"state":44,"summary":45,"references_raw":52,"kevs":59,"epss":9,"epss_history":60,"metrics":61,"affected":69},"CVE-2026-41248","Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in @clerk/astro 1.5.7, 2.17.10, and 3.0.15; @clerk/nextjs 5.7.6, 6.39.2, and 7.2.1; @clerk/nuxt 1.13.28 and 2.2.2; and @clerk/shared 2.22.1, 3.47.4, and 4.8.1",null,[11,31],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-436","Interpretation Conflict","Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.","weakness","Incomplete","Class",[19,23,27],{"id":20,"name":21,"techniques":22},"CAPEC-105","HTTP Request Splitting",[],{"id":24,"name":25,"techniques":26},"CAPEC-273","HTTP Response Smuggling",[],{"id":28,"name":29,"techniques":30},"CAPEC-34","HTTP Response Splitting",[],{"_key":32,"id":32,"name":33,"description":34,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":35,"capec":36},"CWE-863","Incorrect Authorization","The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the 
check.","High",[],[],[],[],[],[],[],"2026-04-24T21:04:35.810Z","Received",{"cisa_kev":46,"cisa_ransomware":46,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":47,"severity_score":48,"severity_version":49,"severity_source":50,"severity_vector":51,"severity_status":44},false,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[53],{"url":54,"sources":55,"tags":57},"https://github.com/clerk/javascript/security/advisories/GHSA-vqx2-fgx2-5wq9",[50,56],"nvd",[58],"X Refsource CONFIRM",[],[],[62,67],{"source":50,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":63,"cvss_v4_0":9},{"baseScore":48,"baseSeverity":64,"vectorString":51,"impactScore":65,"exploitabilityScore":66},"CRITICAL",8.7,10,{"source":56,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":68,"cvss_v4_0":9},{"baseScore":48,"baseSeverity":64,"vectorString":51,"impactScore":65,"exploitabilityScore":66},[70,90,105,116],{"ecosystem":9,"name":71,"vendor":72,"product":71,"cpe_part":73,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":74},"astro","clerk","a",[75,82,86],{"version":76,"is_range":77,"range_type":50,"version_start":78,"version_start_type":79,"version_end":80,"version_end_type":81,"fixed_in":9},">= 0.0.1, \u003C 1.5.7",true,"0.0.1","including","1.5.7","excluding",{"version":83,"is_range":77,"range_type":50,"version_start":84,"version_start_type":79,"version_end":85,"version_end_type":79,"fixed_in":9},">= 2.0.0-snapshot.v20241206174604, \u003C= 2.17.9","2.0.0-snapshot.v20241206174604","2.17.9",{"version":87,"is_range":77,"range_type":50,"version_start":88,"version_start_type":79,"version_end":89,"version_end_type":81,"fixed_in":9},">= 3.0.0, \u003C 3.0.15","3.0.0","3.0.15",{"ecosystem":9,"name":91,"vendor":72,"product":91,"cpe_part":73,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":92},"nextjs",[93,97,101],{"version":94,"is_range":77,"range_type":50,"version_start":95,"version_start_type":79,"version_end":96,"version_end_type":81,"fixed_in":9},">= 
5.0.0, \u003C 5.7.6","5.0.0","5.7.6",{"version":98,"is_range":77,"range_type":50,"version_start":99,"version_start_type":79,"version_end":100,"version_end_type":81,"fixed_in":9},">= 6.0.0-snapshot.vb87a27f, \u003C 6.39.2","6.0.0-snapshot.vb87a27f","6.39.2",{"version":102,"is_range":77,"range_type":50,"version_start":103,"version_start_type":79,"version_end":104,"version_end_type":81,"fixed_in":9},">= 7.0.0, \u003C 7.2.1","7.0.0","7.2.1",{"ecosystem":9,"name":106,"vendor":72,"product":106,"cpe_part":73,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":107},"nuxt",[108,112],{"version":109,"is_range":77,"range_type":50,"version_start":110,"version_start_type":79,"version_end":111,"version_end_type":81,"fixed_in":9},">= 1.1.0, \u003C 1.13.28","1.1.0","1.13.28",{"version":113,"is_range":77,"range_type":50,"version_start":114,"version_start_type":79,"version_end":115,"version_end_type":81,"fixed_in":9},">= 2.0.0, \u003C 2.2.2","2.0.0","2.2.2",{"ecosystem":9,"name":117,"vendor":72,"product":117,"cpe_part":73,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":118},"shared",[119,123,127],{"version":120,"is_range":77,"range_type":50,"version_start":121,"version_start_type":79,"version_end":122,"version_end_type":81,"fixed_in":9},">= 2.20.17, \u003C 2.22.1","2.20.17","2.22.1",{"version":124,"is_range":77,"range_type":50,"version_start":125,"version_start_type":79,"version_end":126,"version_end_type":81,"fixed_in":9},">= 3.0.0-canary.v20250225091530, \u003C 3.47.4","3.0.0-canary.v20250225091530","3.47.4",{"version":128,"is_range":77,"range_type":50,"version_start":129,"version_start_type":79,"version_end":130,"version_end_type":81,"fixed_in":9},">= 4.0.0, \u003C 4.8.1","4.0.0","4.8.1"]