CVE-2026-40701

Medienbericht

EPSS 0.03%
Veröffentlicht 13.05.2026 14:12:43
Zuletzt bearbeitet 13.05.2026 16:27:11
Quelle f5sirt@f5.com
CVE-Watchlists
Login
Unerledigt
Login

NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.



 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerF5

≫

Produkt NGINX Plus

Default Statusunknown

Version R37

Version < *

Status unaffected

Version R36

Version < R36 P4

Status affected

Version R32

Version < R32 P6

Status affected

HerstellerF5

≫

Produkt NGINX Open Source

Default Statusunaffected

Version 1.31.0

Version < *

Status unaffected

Version 1.19.0

Version < 1.30.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f5sirt@f5.com	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
f5sirt@f5.com	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.bleepingcomputer.com/news/security/18-year-old-nginx-vulnerability-allows-dos-potential-rce/

Media Report

https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html

Media Report

https://my.f5.com/manage/s/article/K000161021

https://nvd.nist.gov/vuln/detail/CVE-2026-40701

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40701

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40701

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40701