{"vulnerability": "CVE-2026-42055", "sightings": [{"uuid": "9c68fd9f-c00c-4ad1-8f9d-7db01810d455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiunvadrb24", "content": "CVE-2026-42055 - NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability\nCVE ID : CVE-2026-42055\n \n Published : June 17, 2026, 2:04 p.m. | 3\u00a0hours, 4\u00a0minutes ago\n \n Description : NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_modul...", "creation_timestamp": "2026-06-17T17:47:37.540286Z"}, {"uuid": "10c8116c-3f4f-479b-af90-fb5072861255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mokvn4bbjd2j", "content": "\ud83d\udd17 CVE : CVE-2026-42055, CVE-2026-42530, CVE-2026-48142", "creation_timestamp": "2026-06-18T13:10:33.175843Z"}, {"uuid": "a3ef0514-a716-4979-9aca-39bb7879e85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1927", "content": "", "creation_timestamp": "2026-06-17T21:00:00.000000Z"}, {"uuid": "f1de6755-e0af-41d3-9ab9-67bfc0ddef16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1929", "content": "", "creation_timestamp": "2026-06-17T21:00:00.000000Z"}, {"uuid": "70aef19b-0cfe-463d-8ba0-557d7820fa80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/dju.eurosky.social/post/3molyw2ol3c2h", "content": "plusieurs CVE dans nginx\n\nCVE-2026-42530\nCVE-2026-42055\nCVE-2026-48142\n\nthehackernews.com/2026/06/f5-p...", "creation_timestamp": "2026-06-18T23:41:47.806117Z"}, {"uuid": "3b0e5434-ac6d-4f2b-995e-558744c22aa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moln6ygxmd2v", "content": "\ud83d\udea8 HIGH: CVE-2026-42055\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the HTTP/2 module. A remote unauthenticated attacker can send a specially crafted HTTP/2 request that causes a heap buffer overflow in the NGINX worker process. This may allow remote code execution. Exploitat", "creation_timestamp": "2026-06-18T20:12:00.319706Z"}, {"uuid": "28d9557d-8c87-465c-8434-a529b7ebf6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:06.012658Z"}, {"uuid": "bafb4518-ef03-4612-8030-89c6edb56b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3molqwn4o5k62", "content": "F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution TheHackerNews F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-18T21:18:58.455597Z"}, {"uuid": "4cca1073-b6a8-42fd-a52d-106a110227eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3molsfz3p3b2n", "content": "F5 patched two critical NGINX Open Source flaws, CVE-2026-42530 and CVE-2026-42055, that could enable remote code execution in certain configs. Mitigations include disabling HTTP/3 or adjusting headers. #NGINX #F5 #CVE202642530", "creation_timestamp": "2026-06-18T21:45:26.120014Z"}, {"uuid": "45138370-dab5-47ec-bb7f-3a60687612d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/thecybersecguru.com/post/3mompp6rrhu2b", "content": "Two 9.2s in stock NGINX: inside the HTTP/3 QPACK use-after-free and the gRPC heap overflow F5 just\u00a0patched\n\nF5 patched two critical NGINX flaws (CVSS 9.2): a QPACK use-after-free in HTTP/3 and a gRPC heap overflow. Full\u2026\n\nhttps://thecybersecguru.com/news/nginx-cve-2026-42530-cve-2026-42055-rce/", "creation_timestamp": "2026-06-19T06:29:31.995649Z"}, {"uuid": "eea2c778-08e9-4d9e-9266-3f99a3d90886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3momr3spaum2v", "content": "\ud83d\udcf0 Picu Kerusakan Memori, F5 Rilis Patch Darurat Tutup Celah Kritis RCE pada NGINX\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/19/f5-rilis-patch-darurat-celah-kritis-nginx/\n\n#aslr #bufferOverflow #cve-2026-42055 #cve-2026-42530 #dos #f5 #http3 #nginx #outOfBand #patchDarurat ", "creation_timestamp": "2026-06-19T06:54:28.499995Z"}, {"uuid": "a76787a2-f0ce-4eac-aaa6-4a1b1633a25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:57.061829Z"}, {"uuid": "75b96418-1e26-4553-832d-85f6ddd20b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:41.146746Z"}, {"uuid": "fd6e90a2-0252-4d3a-9762-a7a3c4a379cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.287974Z"}, {"uuid": "e9567ef2-bbc9-40bd-9480-e291a8fd8908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:55.143782Z"}]}