{"uuid": "fd5fe5cc-fc57-4564-81ae-ac624f796f6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42533", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/116925017337379554", "content": "That's a lot of Fixes introduced in: NONE.\nhttps://my.f5.com/manage/s/article/K000162097\n\nA vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. (CVE-2026-42533)\nhttps://my.f5.com/manage/s/article/K000162097", "creation_timestamp": "2026-07-15T16:49:36.478685Z"}