CVE-2026-42055
- EPSS 3.14%
- Veröffentlicht 17.06.2026 14:04:32
- Zuletzt bearbeitet 09.07.2026 13:17:08
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_in...
CVE-2026-42530
- EPSS 3.23%
- Veröffentlicht 17.06.2026 14:04:32
- Zuletzt bearbeitet 02.07.2026 20:03:41
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/...
CVE-2026-48142
- EPSS 0.4%
- Veröffentlicht 17.06.2026 14:04:32
- Zuletzt bearbeitet 22.06.2026 16:50:00
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured,...
CVE-2026-40460
- EPSS 0.37%
- Veröffentlicht 13.05.2026 14:12:45
- Zuletzt bearbeitet 29.06.2026 14:17:01
When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached E...
CVE-2026-42946
- EPSS 0.93%
- Veröffentlicht 13.05.2026 14:12:44
- Zuletzt bearbeitet 16.06.2026 19:58:09
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middl...
CVE-2026-40701
- EPSS 0.68%
- Veröffentlicht 13.05.2026 14:12:43
- Zuletzt bearbeitet 23.06.2026 13:57:51
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver...
CVE-2026-42945
- EPSS 61.47%
- Veröffentlicht 13.05.2026 14:12:43
- Zuletzt bearbeitet 27.06.2026 05:16:45
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) ...
CVE-2026-1642
- EPSS 0.34%
- Veröffentlicht 04.02.2026 15:02:06
- Zuletzt bearbeitet 13.02.2026 21:35:01
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker...
CVE-2025-14727
- EPSS 0.37%
- Veröffentlicht 17.12.2025 15:48:22
- Zuletzt bearbeitet 08.01.2026 18:24:50
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-10318
- EPSS 0.34%
- Veröffentlicht 06.11.2024 17:15:13
- Zuletzt bearbeitet 08.11.2024 19:51:49
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although...