Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-0b8cc86e5b)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-0b8cc86e5b advisory. nginx-mod-fancyindex: - Rebuild for 1.28.2 nginx-mod-headers-more: - Rebuild for 1.28.2 nginx-mod-brotli: - Rebuild for 1.28.2 nginx-mod-modsecurity: - Rebui...

CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1

CVE-2026-1642 affecting package nginx for versions less than 1.28.2-1. An upgraded version of the package is available that resolves this issue...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : nginx vulnerability (USN-8038-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8038-1 advisory. It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain...

Debian dsa-6131 : libnginx-mod-http-geoip - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6131 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/...

Debian: Security Advisory (DSA-6131-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 6131-1] nginx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6131-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 12, 2026 https://www.debian.org/security/faq -...

USN-8038-1: nginx vulnerability

It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server...

USN-8038-1 nginx vulnerability

It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server...

BIT-NGINX-INGRESS-CONTROLLER-2026-24513 ingress-nginx auth-url protection bypass

A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...

BIT-NGINX-INGRESS-CONTROLLER-2026-24512 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...

DSA-6131-1 nginx - security update

Bulletin has no description...

BIT-NGINX-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

Arbitrary Code Execution

ingress-nginx is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization of the rules.http.paths.path Ingress field, where attacker-controlled values can inject arbitrary NGINX configuration, enabling execution of commands in the ingress-nginx controller context...

Mageia: Security Advisory (MGASA-2026-0033)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nginx packages fix security vulnerability

MitM injection. CVE-2026-1642...

MGASA-2026-0033 Updated nginx packages fix security vulnerability

MitM injection. CVE-2026-1642...

EUVD-2026-5804

A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely...

nginxWebUI 代码注入漏洞

nginxWebUI is a nginx web configuration tool developed by cym1102 as an individual developer. Versions of nginxWebUI 4.3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter nginxDir in the file adminPage/conf/conf, which coul...

SUSE CVE-2026-1580

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

SUSE CVE-2026-24512

A security issue was discovered in ingress-nginx where the rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note tha...