cleantalk
Vulnerabilities and Security Researches

NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images, CVE-2026-39669

CVE, Research URL

CVE-2026-39669

Home page URL

Security reports for NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images

Application

NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images

Published on
Apr 08, 2026
Research Description
Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.
Affected versions
max 1.19.3.
Status
vulnerable
Previous vulnerability researches
NitroPack – Cache &amp; Speed Optimization for Core Web Vitals, Defer CSS &amp; JavaScript, Lazy load Images (CVE-2024-43922) , Aug 29, 2024
NitroPack – Cache &amp; Speed Optimization for Core Web Vitals, Defer CSS &amp; JavaScript, Lazy load Images (CVE-2026-39669) , Apr 13, 2026
NitroPack – Cache &amp; Speed Optimization for Core Web Vitals, Defer CSS &amp; JavaScript, Lazy load Images (CVE-2024-11848) , Jan 15, 2025
NitroPack – Cache &amp; Speed Optimization for Core Web Vitals, Defer CSS &amp; JavaScript, Lazy load Images (CVE-2024-11851) , Jan 15, 2025
NitroPack – Cache &amp; Speed Optimization for Core Web Vitals, Defer CSS &amp; JavaScript, Lazy load Images (CVE-2023-52121) , Jun 07, 2024
New vulnerability
Custom Blocks Constructor &#8211; Lazy Blocks (CVE-2025-58258) , Apr 24, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-59576) , Apr 24, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-59577) , Apr 24, 2026
Coil Web Monetization (CVE-2025-9625) , Apr 24, 2026
Quran Live Multilanguage (CVE-2026-4074) , Apr 24, 2026