CVE-2026-42934

A flaw was found in the ngxhttpcharsetmodule module of NGINX. When charset, sourcecharset, charsetmap and proxypass with disabled buffering "off" directives are configured, an unauthenticated attacker can send crafted requests and cause a heap-based buffer over-read in the worker process, resulti...

nginx-1.31.0-1.1 on GA media (moderate)

nginx-1.31.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10796-1 Rating: moderate Cross-References: CVE-2026-40460 CVE-2026-40701 CVE-2026-42926 CVE-2026-42934 CVE-2026-42945 CVE-2026-42946 CVSS scores: CVE-2026-40460 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2026-40460 SU...

[SECURITY] [DSA 6278-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6278-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 16, 2026 https://www.debian.org/security/faq -...

Debian dsa-6278 : libnginx-mod-http-geoip - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6278 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6278-1 [email protected]...

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb53cb4d67 advisory. nginx-mod-brotli: - Rebuild for 1.30.1 nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-modsecurity: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebui...

Linux Distros Unpatched Vulnerability : CVE-2026-42934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disable...

DEBIAN-CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

Buffer overread in the ngx_http_charset_module

Buffer overread in the ngxhttpcharsetmodule Severity: low CVE-2026-42934 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 0.3.50-1.30.0...

CVE-2026-42934

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

CVE-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

K000161028: NGINX ngx_http_charset_module vulnerability CVE-2026-42934

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset , sourcecharset , and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with...