Lucene search
K

4 matches found

OSV
OSV
added 2026/05/15 8:50 a.m.7 views

BIT-NGINX-GATEWAY-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.32 views

CVE-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS0.00367EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-40460 NGINX ngx_quic_module vulnerability

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.8AI score0.00367EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/05 12:0 a.m.7 views

The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a attacker to cause a service failure.

The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted HTTP/3 requests...

7.8CVSS7.1AI score0.00848EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder