48 matches found
Important: nginx
Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...
OESA-2026-2801 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...
OESA-2026-2800 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...
OESA-2026-2799 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...
OESA-2026-2798 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...
BIT-NGINX-GATEWAY-2026-48142 NGINX ngx_http_charset_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
BIT-NGINX-2026-48142 NGINX ngx_http_charset_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
nginx 0.3.50 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overread in ngx_http_charset_module
The installed version of nginx is 0.3.50 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...
Linux Distros Unpatched Vulnerability : CVE-2026-48142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...
CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
ALPINE-CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
DEBIAN-CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
CVE-2026-48142 NGINX ngx_http_charset_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
CVE-2026-48142
CVE-2026-48142 affects the ngx_http_charset_module in NGINX Plus and NGINX Open Source. When a location block uses both source_charset utf-8 and a charset directive (e.g., charset koi8-r), remote unauthenticated attackers can trigger a heap buffer over-read in the NGINX worker process, causing me...
CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
CVE-2026-48142
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r; configured, remote, unauthenticated attackers can send requests ...
K000161585: NGINX ngx_http_charset_module vulnerability CVE-2026-48142
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r ; configured, remote, unauthenticat...
PT-2026-50442
Name of the Vulnerable Software and Affected Versions NGINX Plus affected versions not specified NGINX Open Source affected versions not specified Description A heap buffer over-read exists in the ngx http charset module module. This occurs when content is served or proxied through a location blo...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a...
Security update for nginx
This update for nginx fixes the following issues CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration with overlapping captures bsc1266215. CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415...