PT-2026-40677

Name of the Vulnerable Software and Affected Versions NGINX Open Source versions prior to 1.30.0 Description When configured to proxy HTTP/2 traffic by setting proxy http version to 2 and utilizing proxy set body, an attacker may inject frame headers and payload bytes to the upstream peer...

PT-2026-40655

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap-use-after-free error exists in the ngx http ssl module module. This occurs when the ssl verify client directive is set to "on" or...

F5 NGINX Plus和F5 NGINX Open Source 资源管理错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

PT-2026-40648

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description When configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address. This can lead to the bypass of...

F5 NGINX Open Source 安全漏洞

F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. There is a security vulnerability in F5 NGINX Open Source, which stems from the use of proxysetbody when configuring HTTP/2 traffic. This vulnerability may lead ...

PT-2026-40679

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap buffer over-read exists in the ngx http charset module module. This occurs when the charset, source charset, charset map, and proxy...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

F5 NGINX Plus和F5 NGINX Open Source 安全漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of the American company F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. Both F5 NGINX Plus and F5 NGINX Open...

PT-2026-40681

Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source versions 0.6.27 through 1.30.0 Description A heap buffer overflow exists in the ngx http rewrite module module of NGINX. The issue occurs when a rewrite directive is followed by a...

Exploit for CVE-2026-42945

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

EUVD-2026-29748

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVE-2026-44015

CVE-2026-44015 describes SSRF in Nginx UI prior to 2.3.5 where an authenticated user can create a cluster node with an internal URL and trigger the Proxy middleware to forward requests using the X-Node-ID header, bypassing network segmentation and reaching localhost/internal services (including c...

CVE-2026-44015

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

CVE-2026-44015 Nginx UI: Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware Allows Access to Internal Services

Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery SSRF by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwar...

CVE-2026-8430

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVE-2026-8430

CVE-2026-8430 affects SPIP versions prior to 4.4.14. The vulnerability is a remote code execution in the public space, limited to certain nginx configurations, allowing attackers to run arbitrary code in the web server context. Exploitation relies on specific nginx configuration scenarios and is ...

CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVE-2026-8430

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...

CVE-2026-8430 SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx...