HTTP/2 request injection in the ngx_http_proxy_module

HTTP/2 request injection in the ngxhttpproxymodule Severity: medium CVE-2026-42926 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.29.4-1.30.0...

Vulnerabilities with Windows 8.3 filename pseudonyms

Vulnerabilities with Windows 8.3 filename pseudonyms Severity: major Not vulnerable: 0.8.33+, 0.7.65+ Vulnerable: nginx/Windows 0.7.52-0.8.32...

Buffer overread in the ngx_http_scgi_module and ngx_http_uwsgi_module

Buffer overread in the ngxhttpscgimodule and ngxhttpuwsgimodule Severity: medium CVE-2026-42946 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 0.8.42-1.30.0...

Buffer overread in the ngx_http_charset_module

Buffer overread in the ngxhttpcharsetmodule Severity: low CVE-2026-42934 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 0.3.50-1.30.0...

HTTP/3 address spoofing

HTTP/3 address spoofing Severity: medium CVE-2026-40460 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.25.0-1.30.0...

Buffer overflow in the ngx_http_proxy_v2_module and ngx_http_grpc_module

Buffer overflow in the ngxhttpproxyv2module and ngxhttpgrpcmodule Severity: medium CVE-2026-42055 Not vulnerable: 1.31.2+, 1.30.3+ Vulnerable: 1.13.10-1.31.1...

Use-after-free in HTTP/3

Use-after-free in HTTP/3 Severity: major CVE-2026-42530 Not vulnerable: 1.31.2+ Vulnerable: 1.31.0-1.31.1...

resolver use-after-free in OCSP

resolver use-after-free in OCSP Severity: medium CVE-2026-40701 Not vulnerable: 1.31.0+, 1.30.1+ Vulnerable: 1.19.0-1.30.0...

Buffer overread in the ngx_http_charset_module

Buffer overread in the ngxhttpcharsetmodule Severity: low CVE-2026-48142 Not vulnerable: 1.31.2+, 1.30.3+ Vulnerable: 0.3.50-1.31.1...