Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.7 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.02838EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.7 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.02838EPSS
Exploits1References3
NVD
NVD
added 2026/06/17 3:16 p.m.89 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.02838EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/17 2:4 p.m.10 views

EUVD-2026-37718

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6AI score0.02838EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.73 views

CVE-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS0.02838EPSS
Exploits1References1
CVE
CVE
added 2026/06/17 2:4 p.m.288 views

CVE-2026-42055

CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...

9.2CVSS6AI score0.02838EPSS
Exploits1References5Affected Software9
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.02838EPSS
Exploits1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.8 views

nginx -- multiple vulnerabilities

The nginx developers report: A heap memory buffer overflow vulnerability when using the "ignoreinvalidheaders off;" and "largeclientheaderbuffers" directives with large configured values while proxying a specially crafted request to an HTTP/2 or gRPC backend may allow memory corruption or a...

9.2CVSS5.7AI score0.02838EPSS
Exploits1References1
Rows per page
Query Builder