Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42934 (GCVE-0-2026-42934)
Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:07
VLAI?
EPSS
Title
NGINX ngx_http_charset_module vulnerability
Summary
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
4.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000161028 | vendor-advisorypatch |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Plus |
Unaffected:
R37 , < *
(custom)
Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom) |
|
| F5 | NGINX Open Source |
Unaffected:
1.31.0 , < *
(semver)
Affected: 0.3.50 , < 1.30.1 (semver) |
Date Public ?
2026-05-13 14:00
Credits
F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T15:55:18.483975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T16:07:10.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ngx_http_charset_module"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "R37",
"versionType": "custom"
},
{
"lessThan": "R36 P4",
"status": "affected",
"version": "R36",
"versionType": "custom"
},
{
"lessThan": "R32 P6",
"status": "affected",
"version": "R32",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"ngx_http_charset_module"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.31.0",
"versionType": "semver"
},
{
"lessThan": "1.30.1",
"status": "affected",
"version": "0.3.50",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2026-05-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module \u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emodule. When \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and \u003c/span\u003e\u003cstrong\u003echarset_map\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003eproxy_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:12:44.331Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://my.f5.com/manage/s/article/K000161028"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NGINX ngx_http_charset_module vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2026-42934",
"datePublished": "2026-05-13T14:12:44.331Z",
"dateReserved": "2026-04-30T23:04:27.960Z",
"dateUpdated": "2026-05-13T16:07:10.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42934",
"date": "2026-05-18",
"epss": "0.00026",
"percentile": "0.07366"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42934\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2026-05-13T16:16:49.910\",\"lastModified\":\"2026-05-13T16:27:11.127\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\\n\\n\\n\\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000161028\",\"source\":\"f5sirt@f5.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T15:55:18.483975Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T16:07:05.799Z\"}}], \"cna\": {\"title\": \"NGINX ngx_http_charset_module vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"ngx_http_charset_module\"], \"product\": \"NGINX Plus\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"R37\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R36\", \"lessThan\": \"R36 P4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R32\", \"lessThan\": \"R32 P6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"F5\", \"modules\": [\"ngx_http_charset_module\"], \"product\": \"NGINX Open Source\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.31.0\", \"lessThan\": \"*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.3.50\", \"lessThan\": \"1.30.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-05-13T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000161028\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\\u00a0and proxy_pass\\u00a0with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\\n\\n\\n\\n\\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module \u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003emodule. When \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e, \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e, and \u003c/span\u003e\u003cstrong\u003echarset_map\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003eproxy_pass\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e\\n\\n\u003c/span\u003e\\n\\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2026-05-13T14:12:44.331Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T16:07:10.334Z\", \"dateReserved\": \"2026-04-30T23:04:27.960Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2026-05-13T14:12:44.331Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-1527
Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-05-18 22:00Summary
NGINX Open Source and NGINX Plus: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: NGINX Plus ist die kommerzielle Variante von NGINX, einer Webserver-, Reverse Proxy- und E-Mail Proxy Software.
NGINX ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy Software.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in NGINX Open Source and NGINX Plus ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NGINX NGINX Plus <37.0.0
NGINX / NGINX Plus
|
<37.0.0 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus <R32 P6
NGINX / NGINX Plus
|
<R32 P6 | ||
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
NGINX NGINX Plus <R36 P4
NGINX / NGINX Plus
|
<R36 P4 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus <R32 P6
NGINX / NGINX Plus
|
<R32 P6 | ||
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
NGINX NGINX Plus <R36 P4
NGINX / NGINX Plus
|
<R36 P4 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NGINX NGINX Plus <37.0.0
NGINX / NGINX Plus
|
<37.0.0 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus <R32 P6
NGINX / NGINX Plus
|
<R32 P6 | ||
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
NGINX NGINX Plus <R36 P4
NGINX / NGINX Plus
|
<R36 P4 |
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NGINX NGINX Plus <37.0.0
NGINX / NGINX Plus
|
<37.0.0 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus <R32 P6
NGINX / NGINX Plus
|
<R32 P6 | ||
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
NGINX NGINX Plus <R36 P4
NGINX / NGINX Plus
|
<R36 P4 |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus <R32 P6
NGINX / NGINX Plus
|
<R32 P6 | ||
|
NGINX NGINX Open Source <1.30.1
NGINX / NGINX
|
Open Source <1.30.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NGINX NGINX Open Source <1.31.0
NGINX / NGINX
|
Open Source <1.31.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
NGINX NGINX Plus <R36 P4
NGINX / NGINX Plus
|
<R36 P4 |
References
33 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NGINX Plus ist die kommerzielle Variante von NGINX, einer Webserver-, Reverse Proxy- und E-Mail Proxy Software.\r\nNGINX ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy Software.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in NGINX Open Source and NGINX Plus ausnutzen, um Sicherheitsvorkehrungen zu umgehen, beliebigen Code auszuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1527 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1527.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1527 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1527"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-GCGV-V5GF-C543 vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-GCGV-V5GF-C543"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-H7RQ-F9GQ-MC8R vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-H7RQ-F9GQ-MC8R"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-X88Q-X2R7-VG3G vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-X88Q-X2R7-VG3G"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-V43F-895R-CHHH vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-V43F-895R-CHHH"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6VMC-2WH4-77QP vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-6VMC-2WH4-77QP"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-FM65-XRRR-C358 vom 2026-05-13",
"url": "https://github.com/advisories/GHSA-FM65-XRRR-C358"
},
{
"category": "external",
"summary": "PoC CVE-2026-42945 vom 2026-05-13",
"url": "https://github.com/p3Nt3st3r-sTAr/CVE-2026-42945-POC"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161019 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161019"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161021 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161021"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161068 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161068"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161131 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161131"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161027 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161027"
},
{
"category": "external",
"summary": "F5 Security Advisory K000161028 vom 2026-05-13",
"url": "https://my.f5.com/manage/s/article/K000161028"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-094EB13BB1 vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-094eb13bb1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8271-1 vom 2026-05-14",
"url": "https://ubuntu.com/security/notices/USN-8271-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-FB53CB4D67 vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-fb53cb4d67"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-38623B4FED vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-38623b4fed"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17751 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17751"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17753 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17753"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17752 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17752"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18029 vom 2026-05-18",
"url": "https://access.redhat.com/errata/RHSA-2026:18029"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17790 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17790"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17791 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17791"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17792 vom 2026-05-16",
"url": "https://access.redhat.com/errata/RHSA-2026:17792"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17793 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17793"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17794 vom 2026-05-16",
"url": "https://access.redhat.com/errata/RHSA-2026:17794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18063 vom 2026-05-18",
"url": "https://access.redhat.com/errata/RHSA-2026:18063"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18041 vom 2026-05-18",
"url": "https://access.redhat.com/errata/RHSA-2026:18041"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4589 vom 2026-05-18",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00033.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10796-1 vom 2026-05-18",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EVUBHQ3CZLOXLHHOL5Y3BXTI4PSUI2YD/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:18041 vom 2026-05-18",
"url": "https://errata.build.resf.org/RLSA-2026:18041"
}
],
"source_lang": "en-US",
"title": "NGINX Open Source and NGINX Plus: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-18T22:00:00.000+00:00",
"generator": {
"date": "2026-05-19T05:36:18.303+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1527",
"initial_release_date": "2026-05-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "2",
"summary": "version nicht vorhanden"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "3",
"summary": "Exploit CVE-2026-42945 best\u00e4tigt"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat, Debian, openSUSE und Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Open Source \u003c1.31.0",
"product": {
"name": "NGINX NGINX Open Source \u003c1.31.0",
"product_id": "T054115"
}
},
{
"category": "product_version",
"name": "Open Source 1.31.0",
"product": {
"name": "NGINX NGINX Open Source 1.31.0",
"product_id": "T054115-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx:open_source__1.31.0"
}
}
},
{
"category": "product_version_range",
"name": "Open Source \u003c1.30.1",
"product": {
"name": "NGINX NGINX Open Source \u003c1.30.1",
"product_id": "T054116"
}
},
{
"category": "product_version",
"name": "Open Source 1.30.1",
"product": {
"name": "NGINX NGINX Open Source 1.30.1",
"product_id": "T054116-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx:open_source__1.30.1"
}
}
}
],
"category": "product_name",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c37.0.0",
"product": {
"name": "NGINX NGINX Plus \u003c37.0.0",
"product_id": "T054112"
}
},
{
"category": "product_version",
"name": "37.0.0",
"product": {
"name": "NGINX NGINX Plus 37.0.0",
"product_id": "T054112-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:37.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003cR36 P4",
"product": {
"name": "NGINX NGINX Plus \u003cR36 P4",
"product_id": "T054113"
}
},
{
"category": "product_version",
"name": "R36 P4",
"product": {
"name": "NGINX NGINX Plus R36 P4",
"product_id": "T054113-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r36_p4"
}
}
},
{
"category": "product_version_range",
"name": "\u003cR32 P6",
"product": {
"name": "NGINX NGINX Plus \u003cR32 P6",
"product_id": "T054118"
}
},
{
"category": "product_version",
"name": "R32 P6",
"product": {
"name": "NGINX NGINX Plus R32 P6",
"product_id": "T054118-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r32_p6"
}
}
}
],
"category": "product_name",
"name": "NGINX Plus"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40460",
"product_status": {
"known_affected": [
"T054112",
"2951",
"67646",
"T000126",
"T027843",
"T054118",
"T054116",
"T032255",
"T054115",
"74185",
"T054113"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-40460"
},
{
"cve": "CVE-2026-40701",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T054118",
"T054116",
"T032255",
"T054115",
"74185",
"T054113"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-40701"
},
{
"cve": "CVE-2026-42926",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T054116",
"T032255",
"T054115",
"74185"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-42926"
},
{
"cve": "CVE-2026-42934",
"product_status": {
"known_affected": [
"T054112",
"2951",
"67646",
"T000126",
"T027843",
"T054118",
"T054116",
"T032255",
"T054115",
"74185",
"T054113"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-42934"
},
{
"cve": "CVE-2026-42945",
"product_status": {
"known_affected": [
"T054112",
"2951",
"67646",
"T000126",
"T027843",
"T054118",
"T054116",
"T032255",
"T054115",
"74185",
"T054113"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-42945"
},
{
"cve": "CVE-2026-42946",
"product_status": {
"known_affected": [
"2951",
"67646",
"T000126",
"T027843",
"T054118",
"T054116",
"T032255",
"T054115",
"74185",
"T054113"
]
},
"release_date": "2026-05-13T22:00:00.000+00:00",
"title": "CVE-2026-42946"
}
]
}
GHSA-6VMC-2WH4-77QP
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30
VLAI?
Details
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity ?
4.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-42934"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:16:49Z",
"severity": "MODERATE"
},
"details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-6vmc-2wh4-77qp",
"modified": "2026-05-13T18:30:56Z",
"published": "2026-05-13T18:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42934"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000161028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
CERTFR-2026-AVI-0591
Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15
De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | N/A | BIG-IP APM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | N/A | BIG-IP DNS versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | N/A | BIG-IP Advanced WAF/ASM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | BIG-IP | BIG-IP versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | BIG-IP Next | BIG-IP Next for Kubernetes versions 2.x antérieures à 2.2.0 | ||
| F5 | NGINX | F5 DoS for NGINX versions 4.8.0 | ||
| F5 | BIG-IP | BIG-IP versions 16.1.0 à 16.1.6 antérieures à 17.1.3 | ||
| F5 | N/A | BIG-IP DNS versions 17.5.0 à 17.5.1 antérieures à 21.0.0 | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 1.7.0 à 1.7.16 antérieures à 1.7.17 | ||
| F5 | BIG-IP | BIG-IP versions 21.0.x antérieures à 21.0.0.2 | ||
| F5 | N/A | BIG-IP SSL Orchestrator versions 21.0.0 antérieures à 21.0.0.1 (SSL Orchestrator 13.1.3) | ||
| F5 | BIG-IP Next | BIG-IP Next SPK versions 2.0.0 à 2.0.2 antérieures à 2.0.3 | ||
| F5 | NGINX | NGINX Open Source versions 1.0.0 à 1.30.0 antérieures à 1.30.1 | ||
| F5 | N/A | BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | NGINX | NGINX Gateway Fabric versions 1.3.0 à 1.6.2 | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 2.0.0 à 2.0.2 antérieures à 2.0.3 | ||
| F5 | NGINX | NGINX App Protect DoS versions 4.3.0 à 4.7.0 | ||
| F5 | N/A | BIG-IP APM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 | ||
| F5 | NGINX | NGINX App Protect WAF versions 4.9.0 à 4.16.0 | ||
| F5 | N/A | BIG-IP SSL Orchestrator versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 (SSL Orchestrator 12.3.2) | ||
| F5 | NGINX | NGINX Ingress Controller versions 5.0.0 à 5.4.2 | ||
| F5 | BIG-IP | BIG-IP versions 17.5.0 à 17.5.1 antérieures à 21.0.0.2 | ||
| F5 | NGINX | NGINX Ingress Controller versions 3.5.0 à 3.7.2 | ||
| F5 | NGINX | NGINX Open Source versions 0.3.50 à 0.9.7 antérieures à 1.30.1 | ||
| F5 | N/A | BIG-IP DNS versions 21.0.x antérieures à 21.0.0.1 | ||
| F5 | NGINX | NGINX Instance Manager versions 2.16.0 à 2.21.1 | ||
| F5 | N/A | BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 | ||
| F5 | NGINX | NGINX Plus versions R36 antérieures à R36 P4 | ||
| F5 | BIG-IQ | BIG-IQ Centralized Management versions 8.4.0 antérieures à 8.4.1 | ||
| F5 | N/A | BIG-IP SSL Orchestrator versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 (SSL Orchestrator 12.3.2) | ||
| F5 | BIG-IP Next | BIG-IP Next CNF versions 1.1.0 à 1.4.0 antérieures à 1.4.1 | ||
| F5 | NGINX | NGINX App Protect WAF versions 5.1.0 à 5.8.0 | ||
| F5 | NGINX | NGINX Gateway Fabric versions 2.0.0 à 2.6.0 | ||
| F5 | NGINX | NGINX Ingress Controller versions 4.0.0 à 4.0.1 | ||
| F5 | N/A | BIG-IP PEM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 | ||
| F5 | N/A | BIG-IP APM versions 21.0.x antérieures à 21.0.0.1 | ||
| F5 | N/A | BIG-IP DNS versions 16.1.0 à 16.1.6 antérieures à 17.1.3.1 | ||
| F5 | N/A | BIG-IP PEM versions 21.0.x antérieures à 21.0.0.1 | ||
| F5 | N/A | BIG-IP Advanced WAF/ASM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 | ||
| F5 | N/A | BIG-IP Advanced WAF/ASM versions 21.0.x antérieures à 21.0.0.1 | ||
| F5 | N/A | BIG-IP PEM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 | ||
| F5 | NGINX | NGINX Plus versions R32 antérieures à R32 P6 | ||
| F5 | NGINX | F5 WAF for NGINX versions 5.9.0 à 5.12.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP APM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP DNS versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next for Kubernetes versions 2.x ant\u00e9rieures \u00e0 2.2.0",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 DoS for NGINX versions 4.8.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 16.1.0 \u00e0 16.1.6 ant\u00e9rieures \u00e0 17.1.3",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP DNS versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 21.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 1.7.0 \u00e0 1.7.16 ant\u00e9rieures \u00e0 1.7.17",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP SSL Orchestrator versions 21.0.0 ant\u00e9rieures \u00e0 21.0.0.1 (SSL Orchestrator 13.1.3)",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next SPK versions 2.0.0 \u00e0 2.0.2 ant\u00e9rieures \u00e0 2.0.3",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 1.0.0 \u00e0 1.30.0 ant\u00e9rieures \u00e0 1.30.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Gateway Fabric versions 1.3.0 \u00e0 1.6.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 2.0.0 \u00e0 2.0.2 ant\u00e9rieures \u00e0 2.0.3",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect DoS versions 4.3.0 \u00e0 4.7.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions 4.9.0 \u00e0 4.16.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP SSL Orchestrator versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1 (SSL Orchestrator 12.3.2)",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 5.0.0 \u00e0 5.4.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 21.0.0.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 3.5.0 \u00e0 3.7.2",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Open Source versions 0.3.50 \u00e0 0.9.7 ant\u00e9rieures \u00e0 1.30.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP DNS versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Instance Manager versions 2.16.0 \u00e0 2.21.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R36 ant\u00e9rieures \u00e0 R36 P4",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IQ Centralized Management versions 8.4.0 ant\u00e9rieures \u00e0 8.4.1",
"product": {
"name": "BIG-IQ",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP SSL Orchestrator versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4 (SSL Orchestrator 12.3.2)",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.4.0 ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "BIG-IP Next",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX App Protect WAF versions 5.1.0 \u00e0 5.8.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Gateway Fabric versions 2.0.0 \u00e0 2.6.0",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Ingress Controller versions 4.0.0 \u00e0 4.0.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP APM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP DNS versions 16.1.0 \u00e0 16.1.6 ant\u00e9rieures \u00e0 17.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP Advanced WAF/ASM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP PEM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "NGINX Plus versions R32 ant\u00e9rieures \u00e0 R32 P6",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "F5 WAF for NGINX versions 5.9.0 \u00e0 5.12.1",
"product": {
"name": "NGINX",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-41227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41227"
},
{
"name": "CVE-2026-39458",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39458"
},
{
"name": "CVE-2026-42781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42781"
},
{
"name": "CVE-2026-42780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42780"
},
{
"name": "CVE-2026-40701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40701"
},
{
"name": "CVE-2026-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42920"
},
{
"name": "CVE-2026-42409",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42409"
},
{
"name": "CVE-2026-42946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42946"
},
{
"name": "CVE-2026-42937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42937"
},
{
"name": "CVE-2026-42919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42919"
},
{
"name": "CVE-2026-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42934"
},
{
"name": "CVE-2026-42406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42406"
},
{
"name": "CVE-2026-40435",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40435"
},
{
"name": "CVE-2026-34176",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34176"
},
{
"name": "CVE-2026-40629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40629"
},
{
"name": "CVE-2026-32673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32673"
},
{
"name": "CVE-2026-41953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41953"
},
{
"name": "CVE-2026-40061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40061"
},
{
"name": "CVE-2026-42924",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42924"
},
{
"name": "CVE-2026-41225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41225"
},
{
"name": "CVE-2026-35062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35062"
},
{
"name": "CVE-2026-40423",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40423"
},
{
"name": "CVE-2026-34019",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34019"
},
{
"name": "CVE-2026-42926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42926"
},
{
"name": "CVE-2026-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20916"
},
{
"name": "CVE-2026-41957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41957"
},
{
"name": "CVE-2026-39455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39455"
},
{
"name": "CVE-2026-40618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40618"
},
{
"name": "CVE-2026-40631",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40631"
},
{
"name": "CVE-2026-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32643"
},
{
"name": "CVE-2026-41217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41217"
},
{
"name": "CVE-2026-40698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40698"
},
{
"name": "CVE-2026-39459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39459"
},
{
"name": "CVE-2026-40703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40703"
},
{
"name": "CVE-2026-28758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28758"
},
{
"name": "CVE-2026-41954",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41954"
},
{
"name": "CVE-2026-40699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40699"
},
{
"name": "CVE-2026-40462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40462"
},
{
"name": "CVE-2026-41219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41219"
},
{
"name": "CVE-2026-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24464"
},
{
"name": "CVE-2026-40067",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40067"
},
{
"name": "CVE-2026-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42063"
},
{
"name": "CVE-2026-42408",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42408"
},
{
"name": "CVE-2026-40060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40060"
},
{
"name": "CVE-2026-42945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42945"
},
{
"name": "CVE-2026-41956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41956"
},
{
"name": "CVE-2026-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41218"
},
{
"name": "CVE-2026-41959",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41959"
},
{
"name": "CVE-2026-42930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42930"
},
{
"name": "CVE-2026-40460",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40460"
},
{
"name": "CVE-2026-42058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42058"
}
],
"initial_release_date": "2026-05-15T00:00:00",
"last_revision_date": "2026-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0591",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
"vendor_advisories": [
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 F5 K000160932",
"url": "https://my.f5.com/manage/s/article/K000160932"
}
]
}
FKIE_CVE-2026-42934
Vulnerability from fkie_nvd - Published: 2026-05-13 16:16 - Updated: 2026-05-13 16:27
Severity ?
Summary
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"id": "CVE-2026-42934",
"lastModified": "2026-05-13T16:27:11.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "f5sirt@f5.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2026-05-13T16:16:49.910",
"references": [
{
"source": "f5sirt@f5.com",
"url": "https://my.f5.com/manage/s/article/K000161028"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "f5sirt@f5.com",
"type": "Primary"
}
]
}
OPENSUSE-SU-2026:10796-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00Summary
nginx-1.31.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: nginx-1.31.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the nginx-1.31.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10796
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.6 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.6 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nginx-1.31.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nginx-1.31.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10796",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10796-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40460 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40701 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42926 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42926/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42934 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42945 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42946 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42946/"
}
],
"title": "nginx-1.31.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10796-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.31.0-1.1.aarch64",
"product": {
"name": "nginx-1.31.0-1.1.aarch64",
"product_id": "nginx-1.31.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.31.0-1.1.aarch64",
"product": {
"name": "nginx-source-1.31.0-1.1.aarch64",
"product_id": "nginx-source-1.31.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.31.0-1.1.ppc64le",
"product": {
"name": "nginx-1.31.0-1.1.ppc64le",
"product_id": "nginx-1.31.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nginx-source-1.31.0-1.1.ppc64le",
"product": {
"name": "nginx-source-1.31.0-1.1.ppc64le",
"product_id": "nginx-source-1.31.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.31.0-1.1.s390x",
"product": {
"name": "nginx-1.31.0-1.1.s390x",
"product_id": "nginx-1.31.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nginx-source-1.31.0-1.1.s390x",
"product": {
"name": "nginx-source-1.31.0-1.1.s390x",
"product_id": "nginx-source-1.31.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.31.0-1.1.x86_64",
"product": {
"name": "nginx-1.31.0-1.1.x86_64",
"product_id": "nginx-1.31.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.31.0-1.1.x86_64",
"product": {
"name": "nginx-source-1.31.0-1.1.x86_64",
"product_id": "nginx-source-1.31.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.31.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64"
},
"product_reference": "nginx-1.31.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.31.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le"
},
"product_reference": "nginx-1.31.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.31.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x"
},
"product_reference": "nginx-1.31.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.31.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64"
},
"product_reference": "nginx-1.31.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.31.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64"
},
"product_reference": "nginx-source-1.31.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.31.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le"
},
"product_reference": "nginx-source-1.31.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.31.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x"
},
"product_reference": "nginx-source-1.31.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.31.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
},
"product_reference": "nginx-source-1.31.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40460"
}
],
"notes": [
{
"category": "general",
"text": "When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40460",
"url": "https://www.suse.com/security/cve/CVE-2026-40460"
},
{
"category": "external",
"summary": "SUSE Bug 1265228 for CVE-2026-40460",
"url": "https://bugzilla.suse.com/1265228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-40460"
},
{
"cve": "CVE-2026-40701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40701"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to \"on\" or \"optional,\" and the ssl_ocsp directive is set to \"on\" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40701",
"url": "https://www.suse.com/security/cve/CVE-2026-40701"
},
{
"category": "external",
"summary": "SUSE Bug 1265229 for CVE-2026-40701",
"url": "https://bugzilla.suse.com/1265229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-40701"
},
{
"cve": "CVE-2026-42926",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42926"
}
],
"notes": [
{
"category": "general",
"text": "When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42926",
"url": "https://www.suse.com/security/cve/CVE-2026-42926"
},
{
"category": "external",
"summary": "SUSE Bug 1265230 for CVE-2026-42926",
"url": "https://bugzilla.suse.com/1265230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42926"
},
{
"cve": "CVE-2026-42934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42934"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42934",
"url": "https://www.suse.com/security/cve/CVE-2026-42934"
},
{
"category": "external",
"summary": "SUSE Bug 1265231 for CVE-2026-42934",
"url": "https://bugzilla.suse.com/1265231"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42934"
},
{
"cve": "CVE-2026-42945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42945"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42945",
"url": "https://www.suse.com/security/cve/CVE-2026-42945"
},
{
"category": "external",
"summary": "SUSE Bug 1265232 for CVE-2026-42945",
"url": "https://bugzilla.suse.com/1265232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42945"
},
{
"cve": "CVE-2026-42946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42946"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42946",
"url": "https://www.suse.com/security/cve/CVE-2026-42946"
},
{
"category": "external",
"summary": "SUSE Bug 1265233 for CVE-2026-42946",
"url": "https://bugzilla.suse.com/1265233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.31.0-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42946"
}
]
}
MSRC_CVE-2026-42934
Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-17 14:41Summary
NGINX ngx_http_charset_module vulnerability
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42934 NGINX ngx_http_charset_module vulnerability - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42934.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "NGINX ngx_http_charset_module vulnerability",
"tracking": {
"current_release_date": "2026-05-17T14:41:33.000Z",
"generator": {
"date": "2026-05-18T07:35:12.545Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-42934",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-16T01:04:55.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-05-17T14:41:33.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 nginx 0:1.28.3-1.azl3",
"product": {
"name": "\u003cazl3 nginx 0:1.28.3-1.azl3",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 nginx 0:1.28.3-1.azl3",
"product": {
"name": "azl3 nginx 0:1.28.3-1.azl3",
"product_id": "21341"
}
}
],
"category": "product_name",
"name": "nginx"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nginx 0:1.28.3-1.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nginx 0:1.28.3-1.azl3 as a component of Azure Linux 3.0",
"product_id": "21341-17084"
},
"product_reference": "21341",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42934",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "f5",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21341-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-42934 NGINX ngx_http_charset_module vulnerability - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42934.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-16T01:04:55.000Z",
"details": "0:1.28.3-2.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "NGINX ngx_http_charset_module vulnerability"
}
]
}
bit-nginx-2026-42934
Vulnerability from bitnami_vulndb
Published
2026-05-15 08:50
Modified
2026-05-15 09:12
Summary
NGINX ngx_http_charset_module vulnerability
Details
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "nginx",
"purl": "pkg:bitnami/nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.50"
},
{
"fixed": "1.30.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
],
"aliases": [
"CVE-2026-42934"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "BIT-nginx-2026-42934",
"modified": "2026-05-15T09:12:54.074Z",
"published": "2026-05-15T08:50:06.374Z",
"references": [
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000161028"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42934"
}
],
"schema_version": "1.6.2",
"summary": "NGINX ngx_http_charset_module vulnerability"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…