CVE-2026-1642 NGINX vulnerability

🗓️ 04 Feb 2026 15:02:06Reported by f5Type

CVE-2026-1642: NGINX proxying to upstream security can allow MITM to inject plain text into responses.

Reporter	Title	Published	Views	Family All 203
Tenable Nessus	Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1436)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-010 (ALASNGINX1-2026-010)	19 Feb 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)	29 May 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nginx:1.24 (ALSA-2026:3638)	5 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nginx:1.26 (ALSA-2026:4235)	11 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : nginx (ALSA-2026:4705)	20 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nginx:1.24 (ALSA-2026:5581)	26 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nginx (ALSA-2026:5599)	26 Mar 202600:00	–	nessus
Tenable Nessus	Debian dla-4589 : libnginx-mod-http-auth-pam - security update	18 May 202600:00	–	nessus
Tenable Nessus	Debian dsa-6131 : libnginx-mod-http-geoip - security update	13 Feb 202600:00	–	nessus

[
  {
    "defaultStatus": "unknown",
    "product": "NGINX Open Source",
    "vendor": "F5",
    "versions": [
      {
        "changes": [
          {
            "at": "1.28.2",
            "status": "unaffected"
          }
        ],
        "lessThan": "1.29.5",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "NGINX Plus",
    "vendor": "F5",
    "versions": [
      {
        "lessThan": "R36 P2",
        "status": "affected",
        "version": "R36",
        "versionType": "custom"
      },
      {
        "lessThan": "R35 P1",
        "status": "affected",
        "version": "R35",
        "versionType": "custom"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "R34",
        "versionType": "custom"
      },
      {
        "lessThan": "*",
        "status": "affected",
        "version": "R33",
        "versionType": "custom"
      },
      {
        "lessThan": "R32 P4",
        "status": "affected",
        "version": "R32",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
my	www.my.f5.com/manage/s/article/K000159824

04 Feb 2026 15:02Current

CVSS 3.15.9

CVSS 48.2

EPSS0.00331

CWE-349