F5 NGINX Plus和F5 NGINX Open Source 资源管理错误漏洞

🗓️ 13 May 2026 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 4 Views

F5 NGINX Plus and Open Source have resource management flaws enabling unauthenticated requests via ssl_verify_client and ssl_ocsp, causing heap errors.

Reporter	Title	Published	Views	Family All 89
FreeBSD	nginx-devel -- multiple vulnerabilities	13 May 202600:00	–	freebsd
FreeBSD	www/nginx -- Remote Code Execution/DoS	14 May 202600:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)	27 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-012 (ALASNGINX1-2026-012)	27 May 202600:00	–	nessus
Tenable Nessus	Debian dla-4589 : libnginx-mod-http-auth-pam - security update	18 May 202600:00	–	nessus
Tenable Nessus	Debian dsa-6278 : libnginx-mod-http-geoip - security update	16 May 202600:00	–	nessus
Tenable Nessus	Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-094eb13bb1)	15 May 202600:00	–	nessus
Tenable Nessus	Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-38623b4fed)	15 May 202600:00	–	nessus
Tenable Nessus	Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)	15 May 202600:00	–	nessus
Tenable Nessus	FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)	20 May 202600:00	–	nessus

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40701
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-40701

02 Jun 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.14.8

CVSS 46.3

EPSS0.00044

SSVC

f5 nginx plus nginx open source resource management unauthenticated requests heap errors