{"uuid": "db454273-c696-4665-b4b6-6a9665935bea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42530", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:05.850994Z"}