BIT-NGINX-2026-42934 NGINX ngx_http_charset_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering "off" directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' contr...

BIT-NGINX-GATEWAY-2026-40701 NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

BIT-NGINX-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Exploit for CVE-2026-42945

nginx-rift-detect Behavioral detection script for CVE-2026-...

Exploit for CVE-2026-42945

CVE-2026-42945 Actual Risk Assessment Scripts Native risk ass...

Exploit for CVE-2026-42945

CVE-2026-42945 — NGINX Rewrite Module Heap Buffer Overflow → R...

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

nginx-rift-private-lab

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-38623b4fed)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38623b4fed advisory. nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebui...

RHEL 9 : nginx (RHSA-2026:17794)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17794 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.26 (RHSA-2026:17753)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17753 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.24 (RHSA-2026:17752)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17752 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx:1.24 (RHSA-2026:17793)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17793 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-fb53cb4d67)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fb53cb4d67 advisory. nginx-mod-brotli: - Rebuild for 1.30.1 nginx-mod-vts: - Rebuild for 1.30.1 nginx-mod-modsecurity: - Rebuild for 1.30.1 nginx-mod-fancyindex: - Rebui...

RHEL 9 : nginx (RHSA-2026:17792)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17792 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 9 : nginx (RHSA-2026:17791)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17791 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-094eb13bb1)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-094eb13bb1 advisory. nginx-mod-fancyindex: - Rebuild for 1.30.1 nginx-mod-headers-more: - Rebuild for 1.30.1 nginx-mod-naxsi: - Rebuild for 1.30.1 nginx-mod-js-challenge...

RHEL 9 : nginx (RHSA-2026:17751)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17751 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

RHEL 10 : nginx (RHSA-2026:17790)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17790 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...