Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.7AI score0.02838EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.6 views

The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the ngxhttpproxyv2module and ngxhttpgrpcmodule modules in NGINX Plus and NGINX Open Source web servers stems from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service...

8.1CVSS6.8AI score0.02838EPSS
Exploits1References3Affected Software11
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-GATEWAY-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.3AI score0.02838EPSS
Exploits1References6
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-NGINX-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.02838EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS7.8AI score0.02838EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS6.6AI score0.02838EPSS
Exploits1References3
OSV
OSV
added 2026/06/17 3:16 p.m.4 views

DEBIAN-CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.02838EPSS
Exploits1References1
Nginx
Nginx
added 2026/06/17 2:4 p.m.61 views

Buffer overflow in the ngx_http_proxy_v2_module and ngx_http_grpc_module

Buffer overflow in the ngxhttpproxyv2module and ngxhttpgrpcmodule Severity: medium CVE-2026-42055 Not vulnerable: 1.31.2+, 1.30.3+ Vulnerable: 1.13.10-1.31.1...

9.2CVSS5.3AI score0.02838EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.73 views

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.02838EPSS
Exploits1References1
CVE
CVE
added 2026/06/17 2:4 p.m.288 views

CVE-2026-42055

CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...

9.2CVSS6AI score0.02838EPSS
Exploits1References5Affected Software9
F5 Networks
F5 Networks
added 2026/06/17 1:44 p.m.17 views

K000161584: NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability CVE-2026-42055

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is se...

9.2CVSS6.6AI score0.02838EPSS
Exploits1Affected Software9
Rows per page
Query Builder