7 matches found
CVE-2026-42945
CVE-2026-42945 affects NGINX Open Source and NGINX Plus via the ngx_http_rewrite_module when a rewrite/if/set directive is followed by a PCRE capture and a replacement containing a question mark. This can cause a heap buffer overflow in the worker process and, on systems with ASLR disabled, poten...
CVE-2026-42055
CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...
CVE-2026-48142
CVE-2026-48142 affects the ngx_http_charset_module in NGINX Plus and NGINX Open Source. When a location block uses both source_charset utf-8 and a charset directive (e.g., charset koi8-r), remote unauthenticated attackers can trigger a heap buffer over-read in the NGINX worker process, causing me...
CVE-2026-40460
CVE-2026-40460 affects NGINX Plus ngx_quic_module and NGINX Open Source when HTTP/3 QUIC is enabled. An attacker could spoof the source IP to bypass authorization or rate limiting, potentially enabling unauthorized access or DoS. Remediation per the connected advisory: upgrade to vulnerable-produ...
CVE-2026-42934
The CVE-2026-42934 entry concerns NGINX Plus and NGINX Open Source with a vulnerability in the ngx_http_charset_module. When charset, source_charset, and charset_map are configured together with proxy_pass having buffering disabled, unauthenticated attackers can trigger a heap buffer over-read in...
CVE-2026-40701
The CVE-2026-40701 entry concerns NGINX’s ngx_http_ssl_module where enabling ssl_verify_client (on/optional) with ssl_ocsp (on) or leaf resolver configurations can cause a heap-use-after-free in the NGINX worker process. Impact is limited data modification or worker restart. Affected products inc...
CVE-2026-42946
A vulnerability CVE-2026-42946 affects the NGINX ngx_http_scgi_module and ngx_http_uwsgi_module. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with MITM control over upstream responses may trigger excessive memory allocation or an out-of-bounds read in the NGINX worker, ...