Lucene search
K

CVE-2026-42055

🗓️ 17 Jun 2026 14:04:32Reported by f5Type 
cve
 cve
🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 287 Views

CVE-2026-42055: NGINX heap overflow in proxy http two and grpc modules due to large headers when ignore invalid headers is off.

Related
Detection
Affected
Refs
Social
NVD
Node
f5dosMatch4.9.0nginx
OR
f5nginx_app_protect_dosRange4.3.04.7.0
OR
f5nginx_app_protect_wafRange4.10.04.16.0
OR
f5nginx_app_protect_wafRange5.2.05.8.0
OR
f5nginx_gateway_fabricRange1.3.01.6.2
OR
f5nginx_gateway_fabricRange2.0.02.6.4
OR
f5nginx_ingress_controllerRange3.5.03.7.2
OR
f5nginx_ingress_controllerRange5.0.05.5.1
OROROR
f5nginx_instance_managerRange2.17.02.22.0
OR
f5nginx_open_sourceRange1.30.01.30.3
OROR
f5nginx_plusRange37.0.037.0.1
OROR
f5nginx_plusMatchr30-
OR
f5nginx_plusMatchr30p1
OR
f5nginx_plusMatchr30p2
OR
f5nginx_plusMatchr31-
OR
f5nginx_plusMatchr31p1
OR
f5nginx_plusMatchr31p2
OR
f5nginx_plusMatchr31p3
OR
f5nginx_plusMatchr32-
OR
f5nginx_plusMatchr32p1
OR
f5nginx_plusMatchr32p2
OR
f5nginx_plusMatchr32p3
OR
f5nginx_plusMatchr32p4
OR
f5nginx_plusMatchr33-
OR
f5nginx_plusMatchr33p1
OR
f5nginx_plusMatchr33p2
OR
f5nginx_plusMatchr33p3
OR
f5nginx_plusMatchr34-
OR
f5nginx_plusMatchr34p1
OR
f5nginx_plusMatchr34p2
OR
f5nginx_plusMatchr35-
OR
f5nginx_plusMatchr35p1
OR
f5nginx_plusMatchr36-
OR
f5nginx_plusMatchr36p1
OR
f5nginx_plusMatchr36p2
OR
f5nginx_plusMatchr36p3
OR
f5nginx_plusMatchr36p4
OR
f5nginx_plusMatchr36p5
OR
f5wafRange5.9.05.13.1nginx
OR
f5wafMatch4.8.1nginx
[
  {
    "defaultStatus": "unknown",
    "modules": [
      "ngx_http_proxy_v2_module",
      "ngx_http_grpc_module"
    ],
    "product": "NGINX Open Source",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "1.31.2",
        "status": "affected",
        "version": "1.13.10",
        "versionType": "custom"
      },
      {
        "lessThan": "1.30.3",
        "status": "affected",
        "version": "1.30.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "ngx_http_proxy_v2_module",
      "ngx_http_grpc_module"
    ],
    "product": "NGINX Plus",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "37.0.2.1",
        "status": "affected",
        "version": "37.0",
        "versionType": "custom"
      },
      {
        "lessThan": "R36 P6",
        "status": "affected",
        "version": "R36",
        "versionType": "custom"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation