7 matches found
Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-b8e751787c)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b8e751787c advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-vts: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebui...
SUSE CVE-2026-42530
NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 CVSS v4 score: 9.2 - A use-after-free vulnerability in the ngxhttpv3module that...
CVE-2026-42530
creationtimestamp| type| source ---|---|--- 2026-06-17 17:58:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moivbi45fe2b 2026-06-17 18:03:06+00:00| seen| https://bsky.app/profile/crustytldr.bsky.social/post/3moivjizel522 2026-06-17 21:00:00+00:00| seen|...
Use-after-free in HTTP/3
Use-after-free in HTTP/3 Severity: major CVE-2026-42530 Not vulnerable: 1.31.2+ Vulnerable: 1.31.0-1.31.1...
CVE-2026-42530
Summary : NGINX Open Source’s ngx_http_v3_module vulnerability (CVE-2026-42530) occurs when HTTP/3 QUIC is enabled. A remote unauthenticated attacker can craft an HTTP/3 session to reopen a QPACK encoder stream, causing a Use-after-Free in the NGINX worker process and potentially triggering a res...
K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530
Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...