Exploit for CVE-2026-42926

CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...

CVE-2026-42926

creationtimestamp| type| source ---|---|--- 2026-05-19 08:05:32+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-vulnerabilities-nginx-leading-remote-code-execution-and-allowing-rate 2026-06-06 19:00:11+00:00| published-proof-of-concept|...

nginx-1.31.0-1.1 on GA media (moderate)

nginx-1.31.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10796-1 Rating: moderate Cross-References: CVE-2026-40460 CVE-2026-40701 CVE-2026-42926 CVE-2026-42934 CVE-2026-42945 CVE-2026-42946 CVSS scores: CVE-2026-40460 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-40460 SU...

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb53cb4d67 advisory. nginx-mod-brotli: - Rebuild for 1.30.1 nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-modsecurity: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebui...

CVE-2026-42926

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

HTTP/2 request injection in the ngx_http_proxy_module

HTTP/2 request injection in the ngxhttpproxymodule Severity: medium CVE-2026-42926 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.29.4-1.30.0...