Search

Find a vulnerability

Search criteria

    3254 vulnerabilities by F5

    CVE-2026-60005 (GCVE-0-2026-60005)

    Vulnerability from nvd – Published: 2026-07-15 15:04 – Updated: 2026-07-15 15:41
    VLAI
    Title
    NGINX ngx_http_slice_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart. Impact: This vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: The ngx_http_slice_module module is not enabled by default; it's enabled with the --with-http_slice_module configuration parameter. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162100 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 1.15.8 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:40:48.346021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:41:06.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "modules": [
                "ngx_http_slice_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_slice_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "1.15.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003cstrong\u003engx_http_slice_module \u003c/strong\u003emodule. When the \u003cstrong\u003eslice\u003c/strong\u003e\u0026nbsp;directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The \u003cstrong\u003engx_http_slice_module\u003c/strong\u003e\u0026nbsp;module is not enabled by default; it\u0027s enabled with the \u003cstrong\u003e--with-http_slice_module\u003c/strong\u003e\u0026nbsp;configuration parameter.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e"
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice\u00a0directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\nImpact:\nThis vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\nNote: The ngx_http_slice_module\u00a0module is not enabled by default; it\u0027s enabled with the --with-http_slice_module\u00a0configuration parameter.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T15:04:21.040Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162100"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX ngx_http_slice_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60005",
        "datePublished": "2026-07-15T15:04:21.040Z",
        "dateReserved": "2026-07-08T15:49:43.059Z",
        "dateUpdated": "2026-07-15T15:41:06.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60065 (GCVE-0-2026-60065)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:39
    VLAI
    Title
    NGINX Plus ngx_stream_mqtt_filter_module vulnerability
    Summary
    When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart. Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162101 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60065",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:38:52.814250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:39:17.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_stream_mqtt_filter_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eWhen NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (\u003cstrong\u003engx_stream_mqtt_filter_module\u003c/strong\u003e), unauthenticated attackers can send requests with conditions beyond the attacker\u0027s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker\u0027s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.\n\nImpact:\nThis vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:46.469Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162101"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Plus ngx_stream_mqtt_filter_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60065",
        "datePublished": "2026-07-15T14:33:46.469Z",
        "dateReserved": "2026-07-08T15:49:43.065Z",
        "dateUpdated": "2026-07-15T15:39:17.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60062 (GCVE-0-2026-60062)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:37
    VLAI
    Title
    NGINX Agent Vulnerability
    Summary
    The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary. Impact: A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161971 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Agent Unaffected: 3.0.0 , < * (custom)
    Affected: 2.0.0 , < 2.47.0 (custom)
    Create a notification for this product.
    F5 NGINX Instance Manager Affected: 2.22.0 , < 2.22.2 (custom)
    Affected: 2.17.1 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:37:10.692160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:37:18.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NGINX Agent",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.47.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "NGINX Instance Manager",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.22.2",
                  "status": "affected",
                  "version": "2.22.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "2.17.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe NGINX Agent \u003cstrong\u003econfig_dirs\u003c/strong\u003e\u0026nbsp;directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The \u003cstrong\u003econfig_dirs\u003c/strong\u003e\u0026nbsp;directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.\u003c/p\u003eImpact:\u003cbr\u003eA remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.\u003cbr\u003e\u003cbr\u003e\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "The NGINX Agent config_dirs\u00a0directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs\u00a0directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.\n\nImpact:\nA remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:45.486Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161971"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Agent Vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60062",
        "datePublished": "2026-07-15T14:33:45.486Z",
        "dateReserved": "2026-07-08T15:49:43.045Z",
        "dateUpdated": "2026-07-15T15:37:18.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59762 (GCVE-0-2026-59762)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:35
    VLAI
    Title
    BIG-IP HTTP/2 vulnerability
    Summary
    When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.   Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162231 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 BIG-IP Affected: 21.1.0 , < 21.1.0.1 (custom)
    Affected: 21.0.0 , < 21.0.0.3 (custom)
    Affected: 17.5.0 , < 17.5.1.8 (custom)
    Affected: 17.1.0 , < 17.1.3.4 (custom)
    Create a notification for this product.
    F5 BIG-IP Next for Kubernetes Affected: 2.3.0 , < 2.3.2 (custom)
    Affected: 2.0.0 , < 2.2.3 (custom)
    Create a notification for this product.
    F5 BIG-IP Next SPK Affected: 1.9.0 , < * (custom)
    Affected: 1.7.0 , < 1.7.18 (custom)
    Create a notification for this product.
    F5 BIG-IP Next CNF Affected: 2.3.0 , < 2.3.2 (custom)
    Affected: 2.0.0 , < 2.2.3 (custom)
    Affected: 1.1.0 , < 1.4.3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:34:45.499391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:35:16.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "All Modules"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "21.1.0.1",
                  "status": "affected",
                  "version": "21.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.0.0.3",
                  "status": "affected",
                  "version": "21.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5.1.8",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3.4",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next for Kubernetes",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.3.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.3",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next SPK",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.7.18",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next CNF",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.3.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.3",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u003c/span\u003e\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImpact:\u003cbr\u003eSystem performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u00a0\u00a0\n\n\n\n\n\n\n\n\n\nImpact:\nSystem performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.\n\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Standard Deployment"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Standard Deployment"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:44.468Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162231"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP HTTP/2 vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-59762",
        "datePublished": "2026-07-15T14:33:44.468Z",
        "dateReserved": "2026-07-08T15:49:43.031Z",
        "dateUpdated": "2026-07-15T15:35:16.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56434 (GCVE-0-2026-56434)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 18:10
    VLAI
    Title
    NGINX ngx_http_ssi_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process. Impact: This vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162098 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 0.8.11 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges p4p3r(@P4P3R-HAK)" of "싸이버원(CYBERONE) for bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:38:13.231118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:38:21.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_ssi_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_ssi_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "0.8.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges p4p3r(@P4P3R-HAK)\" of \"\uc2f8\uc774\ubc84\uc6d0(CYBERONE) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003cstrong\u003engx_http_ssi_module\u003c/strong\u003e\u0026nbsp;module. This vulnerability may exist when the Server-Side Includes (SSI), \u003cstrong\u003eproxy_pass\u003c/strong\u003e, and \u003cstrong\u003eproxy_buffering off\u003c/strong\u003e\u0026nbsp;directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module\u00a0module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off\u00a0directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process.\n\nImpact:\nThis vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T18:10:54.402Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162098"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NGINX ngx_http_ssi_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-56434",
        "datePublished": "2026-07-15T14:33:46.142Z",
        "dateReserved": "2026-07-08T15:49:43.050Z",
        "dateUpdated": "2026-07-15T18:10:54.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55723 (GCVE-0-2026-55723)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:36
    VLAI
    Title
    NGINX Ingress Controller vulnerability
    Summary
    When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. Impact: An authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-76 - Improper Neutralization of Equivalent Special Elements
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161800 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Ingress Controller Affected: 5.0.0 , < 5.5.2 (custom)
    Affected: 2026-lts-r1 , < 2026-lts-r3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55723",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:35:46.076453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:36:16.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions",
                "Ingress Annotations"
              ],
              "product": "NGINX Ingress Controller",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "5.5.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026-lts-r3",
                  "status": "affected",
                  "version": "2026-lts-r1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives.\u003c/span\u003e \u003cbr\u003e\u003cbr\u003eImpact:\u003cbr\u003eAn authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. \n\nImpact:\nAn authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-76",
                  "description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:44.806Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161800"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Ingress Controller vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-55723",
        "datePublished": "2026-07-15T14:33:44.806Z",
        "dateReserved": "2026-06-17T23:45:50.277Z",
        "dateUpdated": "2026-07-15T15:36:16.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-52865 (GCVE-0-2026-52865)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:36
    VLAI
    Title
    NGINX Ingress Controller vulnerability
    Summary
    When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161834 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Ingress Controller Affected: 5.0.0 , < 5.5.2 (custom)
    Affected: 2026-lts-r1 , < 2026-lts-r3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-52865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:36:49.413847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:36:57.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Ingress",
                "TransportServer"
              ],
              "product": "NGINX Ingress Controller",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "5.5.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026-lts-r3",
                  "status": "affected",
                  "version": "2026-lts-r1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e \u003cbr\u003e\u003cbr\u003e\n\nImpact:\u003cbr\u003eThe NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. \n\n\n\nImpact:\nThe NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:45.155Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161834"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Ingress Controller vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-52865",
        "datePublished": "2026-07-15T14:33:45.155Z",
        "dateReserved": "2026-06-17T23:45:50.281Z",
        "dateUpdated": "2026-07-15T15:36:57.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42533 (GCVE-0-2026-42533)

    Vulnerability from nvd – Published: 2026-07-15 14:33 – Updated: 2026-07-15 21:20
    VLAI
    Title
    NGINX Map directive and Regex matching vulnerability
    Summary
    A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Impact: This vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162097 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 0.9.6 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges Ming Xuan, DKD (@pidifn), Ji'an Zhou, and Zhen Yan of AntAISecurityLab, Rafael Gacek, Sergii Negodiuk of EVO.company, Lam Jun Rong of Calif.io, Mufeed VH of Winfunc Research (winfunc.com), Vexera AI (https://vexera.ai), Tu Tran Dinh (@1w4y), Stan Shaw (cyberstan), qianshuidewajueji, zenneth (randomguy6407), Zhenpeng (Leo) Lin of depthfirst, Lukas Johannes Moeller, Melih Tolga Sahin of Vodafone Türkiye, Ayoub Nabil Boubagrat (GitHub: @ayoubnabil), and Milan Jovic (Kljunowsky) for independently bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:37:45.453471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:37:57.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "map directive with regex matching"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "map directive with regex matching"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "0.9.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Ming Xuan, DKD (@pidifn), Ji\u0027an Zhou, and Zhen Yan of AntAISecurityLab, Rafael Gacek, Sergii Negodiuk of EVO.company, Lam Jun Rong of Calif.io, Mufeed VH of Winfunc Research (winfunc.com), Vexera AI (https://vexera.ai), Tu Tran Dinh (@1w4y), Stan Shaw (cyberstan), qianshuidewajueji, zenneth (randomguy6407), Zhenpeng (Leo) Lin of depthfirst, Lukas Johannes Moeller, Melih Tolga Sahin of Vodafone T\u00fcrkiye, Ayoub Nabil Boubagrat (GitHub: @ayoubnabil), and Milan Jovic (Kljunowsky) for independently bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability exists in NGINX Plus and NGINX Open Source when a \u003cstrong\u003emap\u003c/strong\u003e\u0026nbsp;directive uses regex matching and a string expression references the map\u0027s regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\n\n\n\u003cbr\u003e\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "A vulnerability exists in NGINX Plus and NGINX Open Source when a map\u00a0directive uses regex matching and a string expression references the map\u0027s regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\n\nImpact:\nThis vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.\n\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T21:20:26.156Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162097"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NGINX Map directive and Regex matching vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42533",
        "datePublished": "2026-07-15T14:33:45.810Z",
        "dateReserved": "2026-05-05T21:19:09.517Z",
        "dateUpdated": "2026-07-15T21:20:26.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50107 (GCVE-0-2026-50107)

    Vulnerability from nvd – Published: 2026-06-17 20:04 – Updated: 2026-06-18 12:57
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 2.3.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50107",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T12:57:49.527832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T12:57:56.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the \u003c/span\u003e\u003cstrong\u003eNginxProxy\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy\u00a0Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T20:04:44.518Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161785"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-50107",
        "datePublished": "2026-06-17T20:04:44.518Z",
        "dateReserved": "2026-06-17T16:35:56.336Z",
        "dateUpdated": "2026-06-18T12:57:56.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32682 (GCVE-0-2026-32682)

    Vulnerability from nvd – Published: 2026-06-17 20:05 – Updated: 2026-06-18 12:57
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 1.3.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T12:57:19.705230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T12:57:26.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "GRPCRoutes"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T20:05:17.808Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161786"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-32682",
        "datePublished": "2026-06-17T20:05:17.808Z",
        "dateReserved": "2026-06-17T16:35:56.342Z",
        "dateUpdated": "2026-06-18T12:57:26.063Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48142 (GCVE-0-2026-48142)

    Vulnerability from nvd – Published: 2026-06-17 14:04 – Updated: 2026-06-17 15:42 X_F5
    VLAI
    Title
    NGINX ngx_http_charset_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Open Source Affected: 1.13.10 , < 1.31.2 (custom)
    Affected: 1.30.0 , < 1.30.3 (custom)
    Create a notification for this product.
    F5 NGINX Plus Affected: 37.0 , < 37.0.2.1 (custom)
    Affected: R36 , < R36 P6 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:42:46.410409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:42:56.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_charset_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.13.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.3",
                  "status": "affected",
                  "version": "1.30.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_charset_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.2.1",
                  "status": "affected",
                  "version": "37.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P6",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. When content is served or proxied through a location block with both \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;utf-8; and a \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive (for example, \u003c/span\u003e\u003cstrong\u003echarset koi8-r\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module\u00a0module. When content is served or proxied through a location block with both source_charset\u00a0utf-8; and a charset\u00a0directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.856Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161585"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX ngx_http_charset_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-48142",
        "datePublished": "2026-06-17T14:04:32.856Z",
        "dateReserved": "2026-06-02T21:45:04.856Z",
        "dateUpdated": "2026-06-17T15:42:56.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42530 (GCVE-0-2026-42530)

    Vulnerability from nvd – Published: 2026-06-17 14:04 – Updated: 2026-07-15 00:57 X_F5
    VLAI
    Title
    NGINX Open-Source ngx_http_v3_module vulnerability
    Summary
    NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    Impacted products
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges Trung Nguyen (@everping) of CyStack, Zhenpeng (Leo) Lin (depthfirst), Evan Hellman (@xintenseapple) of Trail of Bits in collaboration with OpenAI, AntAISecurityLab, and Nebula Security (@nebusecurity) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42530",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:57:47.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.24/nginx",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.24/nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.26/nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:insights_proxy:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "insights-proxy/insights-proxy-container-rhel9",
                "product": "Red Hat Lightspeed proxy 1",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-17T14:04:32.173Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the ngx_http_v3_module module of NGINX. When NGINX is configured to use the HTTP/3 QUIC module, an attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream and cause a use-after-free issue, potentially allowing code execution or a denial of service by forcing the process to restart."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:24.949Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42530"
              },
              {
                "name": "RHBZ#2489872",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489872"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42530.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-17T16:02:06.547Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-17T14:04:32.173Z",
                "value": "Made public."
              }
            ],
            "title": "nginx: ngx_http_v3_module: use-after-free issue leads to denial of service",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, disable HTTP/3 by removing quic from all listen directives."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_v3_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.31.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges Trung Nguyen (@everping) of CyStack, Zhenpeng (Leo) Lin (depthfirst), Evan Hellman (@xintenseapple) of Trail of Bits in collaboration with OpenAI, AntAISecurityLab, and Nebula Security (@nebusecurity) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Open Source has a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_v3_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Open Source has a vulnerability in the ngx_http_v3_module\u00a0module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.173Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161616"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX Open-Source ngx_http_v3_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42530",
        "datePublished": "2026-06-17T14:04:32.173Z",
        "dateReserved": "2026-06-02T21:45:04.719Z",
        "dateUpdated": "2026-07-15T00:57:24.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42055 (GCVE-0-2026-42055)

    Vulnerability from nvd – Published: 2026-06-17 14:04 – Updated: 2026-07-15 00:58 X_F5
    VLAI
    Title
    NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Open Source Affected: 1.13.10 , < 1.31.2 (custom)
    Affected: 1.30.2 , < 1.30.3 (custom)
    Create a notification for this product.
    F5 NGINX Plus Affected: 37.0 , < 37.0.2.1 (custom)
    Affected: R36 , < R36 P6 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 2:1.26.3-6.el10_2.5 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260707171317.489197e6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.20.1-28.el9_8.4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260707164406.9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260707110000.9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images Unaffected: 1.30.3-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and 章鱼哥 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:57:46.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2:1.26.3-6.el10_2.5",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.24",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260707171317.489197e6",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2:1.20.1-28.el9_8.4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.24",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "9080020260707164406.9",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.26",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "9080020260707110000.9",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx-main",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1.30.3-2.hum1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/ocs-client-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "packageName": "odf4/odf-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/odf-multicluster-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-17T14:04:32.520Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart of the NGINX worker process and a Denial of Service (DoS). Under certain conditions, such as when Address Space Layout Randomization (ASLR) is disabled or bypassed, this vulnerability could also allow for arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-131",
                    "description": "Incorrect Calculation of Buffer Size",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:58:16.251Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
              },
              {
                "name": "RHBZ#2489866",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42055.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38847"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36618"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36331"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36639"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27197"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:36364: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38847: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36618: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36331: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36639: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27197: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-17T16:01:41.848Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-17T14:04:32.520Z",
                "value": "Made public."
              }
            ],
            "title": "nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, ensure that the `ignore_invalid_headers` directive is set to `on` in your NGINX configuration, or reduce the size specified by the `large_client_header_buffers` directive to 2 megabytes or less. These changes require an NGINX service reload or restart to take effect. Reloading the NGINX service is generally safe, but a restart will briefly interrupt service."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_proxy_v2_module",
                "ngx_http_grpc_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.13.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.3",
                  "status": "affected",
                  "version": "1.30.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_proxy_v2_module",
                "ngx_http_grpc_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.2.1",
                  "status": "affected",
                  "version": "37.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P6",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and \u7ae0\u9c7c\u54e5 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_proxy_v2_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003engx_http_grpc_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;modules. This vulnerability exists when the \u003c/span\u003e\u003cstrong\u003eproxy_http_version to 2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003cstrong\u003egrpc_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directives are used to proxy HTTP/2 traffic, the \u003c/span\u003e\u003cstrong\u003eignore_invalid_headers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is set to off, and the \u003c/span\u003e\u003cstrong\u003elarge_client_header_buffers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module\u00a0and ngx_http_grpc_module\u00a0modules. This vulnerability exists when the proxy_http_version to 2\u00a0or grpc_pass\u00a0directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers\u00a0directive is set to off, and the large_client_header_buffers\u00a0directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.520Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161584"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42055",
        "datePublished": "2026-06-17T14:04:32.520Z",
        "dateReserved": "2026-06-02T21:45:04.818Z",
        "dateUpdated": "2026-07-15T00:58:16.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11311 (GCVE-0-2026-11311)

    Vulnerability from nvd – Published: 2026-06-17 14:04 – Updated: 2026-06-17 15:42 X_F5
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-76 - Improper Neutralization of Equvalent Special Elements
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 2.5.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:42:03.715663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:42:37.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the \u003c/span\u003e\u003cstrong\u003eNginxProxy\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition \u003c/span\u003e\u003cstrong\u003eserverTokens\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;field and the \u003c/span\u003e\u003cstrong\u003eAuthenticationFilter\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition \u003c/span\u003e\u003cstrong\u003eextraAuthArgs\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy\u00a0Custom Resource Definition serverTokens\u00a0field and the AuthenticationFilter\u00a0Custom Resource Definition extraAuthArgs\u00a0field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-76",
                  "description": "CWE-76 Improper Neutralization of Equvalent Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:33.197Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161611"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-11311",
        "datePublished": "2026-06-17T14:04:33.197Z",
        "dateReserved": "2026-06-04T18:01:54.825Z",
        "dateUpdated": "2026-06-17T15:42:37.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49975 (GCVE-0-2026-49975)

    Vulnerability from nvd – Published: 2026-06-08 15:26 – Updated: 2026-07-15 00:47
    VLAI
    Title
    Apache HTTP Server: mod_http2 denial of service
    Summary
    Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache HTTP Server Affected: 2.4.17 , ≤ 2.4.67 (semver)
    Create a notification for this product.
    Red Hat JBoss Core Services for RHEL 8 Unaffected: 0:2.4.62-13.el8jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat JBoss Core Services for RHEL 8 Unaffected: 0:2.0.29-10.el8jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat JBoss Core Services on RHEL 7 Unaffected: 0:2.4.62-13.el7jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat JBoss Core Services on RHEL 7 Unaffected: 0:2.0.29-10.el7jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.0.29-4.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260608081321.489197e6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020260702193120.522a0ee4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020260702193120.522a0ee4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020260702195216.ad008a3a , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Unaffected: 8060020260702195216.ad008a3a , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020260702200145.63b34585 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020260702200145.63b34585 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.0.26-6.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP4 Unaffected: httpd24-httpd , < * (rpm)
    Unaffected: httpd24-mod_http2 , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat Hardened Images Unaffected: 2.4.68-1.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6 Unaffected: 1781604724 , < * (rpm)
        cpe:/a:redhat:service_mesh:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 5     cpe:/a:redhat:jboss_enterprise_web_server:5
    Create a notification for this product.
    Credits
    Quang Luong of Calif.IO in collaboration with OpenAI Codex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T22:32:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/3"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T10:27:36.270403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T10:29:04.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EQSTLab/CVE-2026-49975"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-httpd",
                "product": "JBoss Core Services for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.4.62-13.el8jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-mod_http2",
                "product": "JBoss Core Services for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-10.el8jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-httpd",
                "product": "JBoss Core Services on RHEL 7",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.4.62-13.el7jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-mod_http2",
                "product": "JBoss Core Services on RHEL 7",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-10.el7jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "mod_http2",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-4.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260608081321.489197e6",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8040020260702193120.522a0ee4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8040020260702193120.522a0ee4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8060020260702195216.ad008a3a",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8060020260702195216.ad008a3a",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8080020260702200145.63b34585",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8080020260702200145.63b34585",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "mod_http2",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.26-6.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs",
                "product": "Red Hat JBoss Core Services 2.4.62.SP4",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "httpd24-httpd",
                    "versionType": "rpm"
                  },
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "httpd24-mod_http2",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd-main",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2.4.68-1.hum1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-service-mesh/proxyv2-rhel9",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1781604724",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apache-commons-daemon",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apache-commons-daemon-jsvc",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr-util",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-brotli",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-compose",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-curl",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-dist",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-jansson",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_cluster-native",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_jk",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_md",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_proxy_cluster",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_security",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-nghttp2",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl-chil",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl-pkcs11",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-03T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:47:26.100Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
              },
              {
                "name": "RHBZ#2485371",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25090"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36846"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36373"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25057"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27114"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25225: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25090: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36846: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36831: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36373: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25057: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25042: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-05T06:04:44.009Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-03T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache HTTP Server",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.67",
                  "status": "affected",
                  "version": "2.4.17",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\n\nThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:26:04.674Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-26T12:00:00.000Z",
              "value": "reported"
            },
            {
              "lang": "en",
              "time": "2026-05-27T12:00:00.000Z",
              "value": "fixed upstream in mod_h2 https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c"
            },
            {
              "lang": "en",
              "time": "2026-06-02T12:00:00.000Z",
              "value": "fixed in 2.4.x by r1934882"
            },
            {
              "lang": "eng",
              "time": "2026-06-08T12:00:00.000Z",
              "value": "2.4.68 released"
            }
          ],
          "title": "Apache HTTP Server: mod_http2 denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-49975",
        "datePublished": "2026-06-08T15:26:04.674Z",
        "dateReserved": "2026-06-02T17:20:37.983Z",
        "dateUpdated": "2026-07-15T00:47:26.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60005 (GCVE-0-2026-60005)

    Vulnerability from cvelistv5 – Published: 2026-07-15 15:04 – Updated: 2026-07-15 15:41
    VLAI
    Title
    NGINX ngx_http_slice_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart. Impact: This vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: The ngx_http_slice_module module is not enabled by default; it's enabled with the --with-http_slice_module configuration parameter. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-908 - Use of Uninitialized Resource
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162100 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 1.15.8 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:40:48.346021Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:41:06.279Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "modules": [
                "ngx_http_slice_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_slice_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "1.15.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003cstrong\u003engx_http_slice_module \u003c/strong\u003emodule. When the \u003cstrong\u003eslice\u003c/strong\u003e\u0026nbsp;directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: The \u003cstrong\u003engx_http_slice_module\u003c/strong\u003e\u0026nbsp;module is not enabled by default; it\u0027s enabled with the \u003cstrong\u003e--with-http_slice_module\u003c/strong\u003e\u0026nbsp;configuration parameter.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e"
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice\u00a0directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\nImpact:\nThis vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\nNote: The ngx_http_slice_module\u00a0module is not enabled by default; it\u0027s enabled with the --with-http_slice_module\u00a0configuration parameter.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-908",
                  "description": "CWE-908 Use of Uninitialized Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T15:04:21.040Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162100"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX ngx_http_slice_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60005",
        "datePublished": "2026-07-15T15:04:21.040Z",
        "dateReserved": "2026-07-08T15:49:43.059Z",
        "dateUpdated": "2026-07-15T15:41:06.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60065 (GCVE-0-2026-60065)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:39
    VLAI
    Title
    NGINX Plus ngx_stream_mqtt_filter_module vulnerability
    Summary
    When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart. Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162101 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60065",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:38:52.814250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:39:17.208Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_stream_mqtt_filter_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eWhen NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (\u003cstrong\u003engx_stream_mqtt_filter_module\u003c/strong\u003e), unauthenticated attackers can send requests with conditions beyond the attacker\u0027s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker\u0027s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.\n\nImpact:\nThis vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:46.469Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162101"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Plus ngx_stream_mqtt_filter_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60065",
        "datePublished": "2026-07-15T14:33:46.469Z",
        "dateReserved": "2026-07-08T15:49:43.065Z",
        "dateUpdated": "2026-07-15T15:39:17.208Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56434 (GCVE-0-2026-56434)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 18:10
    VLAI
    Title
    NGINX ngx_http_ssi_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process. Impact: This vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162098 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 0.8.11 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges p4p3r(@P4P3R-HAK)" of "싸이버원(CYBERONE) for bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:38:13.231118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:38:21.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_ssi_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_ssi_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "0.8.11",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges p4p3r(@P4P3R-HAK)\" of \"\uc2f8\uc774\ubc84\uc6d0(CYBERONE) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003cstrong\u003engx_http_ssi_module\u003c/strong\u003e\u0026nbsp;module. This vulnerability may exist when the Server-Side Includes (SSI), \u003cstrong\u003eproxy_pass\u003c/strong\u003e, and \u003cstrong\u003eproxy_buffering off\u003c/strong\u003e\u0026nbsp;directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module\u00a0module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off\u00a0directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process.\n\nImpact:\nThis vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T18:10:54.402Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162098"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NGINX ngx_http_ssi_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-56434",
        "datePublished": "2026-07-15T14:33:46.142Z",
        "dateReserved": "2026-07-08T15:49:43.050Z",
        "dateUpdated": "2026-07-15T18:10:54.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42533 (GCVE-0-2026-42533)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 21:20
    VLAI
    Title
    NGINX Map directive and Regex matching vulnerability
    Summary
    A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Impact: This vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162097 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Plus Affected: 37.0.0.1 , < 37.0.3.1 (custom)
    Affected: R36 , < R36 P7 (custom)
    Affected: R33 , < * (custom)
    Create a notification for this product.
    F5 NGINX Open Source Affected: 1.31.2 , < 1.31.3 (custom)
    Affected: 0.9.6 , < 1.30.4 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges Ming Xuan, DKD (@pidifn), Ji'an Zhou, and Zhen Yan of AntAISecurityLab, Rafael Gacek, Sergii Negodiuk of EVO.company, Lam Jun Rong of Calif.io, Mufeed VH of Winfunc Research (winfunc.com), Vexera AI (https://vexera.ai), Tu Tran Dinh (@1w4y), Stan Shaw (cyberstan), qianshuidewajueji, zenneth (randomguy6407), Zhenpeng (Leo) Lin of depthfirst, Lukas Johannes Moeller, Melih Tolga Sahin of Vodafone Türkiye, Ayoub Nabil Boubagrat (GitHub: @ayoubnabil), and Milan Jovic (Kljunowsky) for independently bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:37:45.453471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:37:57.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "map directive with regex matching"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.3.1",
                  "status": "affected",
                  "version": "37.0.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P7",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "R33",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "map directive with regex matching"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.3",
                  "status": "affected",
                  "version": "1.31.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.4",
                  "status": "affected",
                  "version": "0.9.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges Ming Xuan, DKD (@pidifn), Ji\u0027an Zhou, and Zhen Yan of AntAISecurityLab, Rafael Gacek, Sergii Negodiuk of EVO.company, Lam Jun Rong of Calif.io, Mufeed VH of Winfunc Research (winfunc.com), Vexera AI (https://vexera.ai), Tu Tran Dinh (@1w4y), Stan Shaw (cyberstan), qianshuidewajueji, zenneth (randomguy6407), Zhenpeng (Leo) Lin of depthfirst, Lukas Johannes Moeller, Melih Tolga Sahin of Vodafone T\u00fcrkiye, Ayoub Nabil Boubagrat (GitHub: @ayoubnabil), and Milan Jovic (Kljunowsky) for independently bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability exists in NGINX Plus and NGINX Open Source when a \u003cstrong\u003emap\u003c/strong\u003e\u0026nbsp;directive uses regex matching and a string expression references the map\u0027s regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/p\u003eImpact:\u003cbr\u003eThis vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\n\n\n\u003cbr\u003e\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "A vulnerability exists in NGINX Plus and NGINX Open Source when a map\u00a0directive uses regex matching and a string expression references the map\u0027s regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\n\nImpact:\nThis vulnerability may allow remote attackers to cause a denial-of-service (DoS) on the NGINX system or to possibly trigger a code execution. There is no control plane exposure; this is a data plane issue only.\n\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T21:20:26.156Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162097"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "NGINX Map directive and Regex matching vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42533",
        "datePublished": "2026-07-15T14:33:45.810Z",
        "dateReserved": "2026-05-05T21:19:09.517Z",
        "dateUpdated": "2026-07-15T21:20:26.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60062 (GCVE-0-2026-60062)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:37
    VLAI
    Title
    NGINX Agent Vulnerability
    Summary
    The NGINX Agent config_dirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary. Impact: A remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161971 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Agent Unaffected: 3.0.0 , < * (custom)
    Affected: 2.0.0 , < 2.47.0 (custom)
    Create a notification for this product.
    F5 NGINX Instance Manager Affected: 2.22.0 , < 2.22.2 (custom)
    Affected: 2.17.1 , < * (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:37:10.692160Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:37:18.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "NGINX Agent",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.47.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "NGINX Instance Manager",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.22.2",
                  "status": "affected",
                  "version": "2.22.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "2.17.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe NGINX Agent \u003cstrong\u003econfig_dirs\u003c/strong\u003e\u0026nbsp;directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The \u003cstrong\u003econfig_dirs\u003c/strong\u003e\u0026nbsp;directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.\u003c/p\u003eImpact:\u003cbr\u003eA remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.\u003cbr\u003e\u003cbr\u003e\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "The NGINX Agent config_dirs\u00a0directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The config_dirs\u00a0directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow an attacker to cross a security boundary.\n\nImpact:\nA remotely authenticated low-privileged attacker could gain limited read and write access outside of the list of directories specified in the NGINX Agent configuration.\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:45.486Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161971"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Agent Vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-60062",
        "datePublished": "2026-07-15T14:33:45.486Z",
        "dateReserved": "2026-07-08T15:49:43.045Z",
        "dateUpdated": "2026-07-15T15:37:18.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-52865 (GCVE-0-2026-52865)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:36
    VLAI
    Title
    NGINX Ingress Controller vulnerability
    Summary
    When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161834 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Ingress Controller Affected: 5.0.0 , < 5.5.2 (custom)
    Affected: 2026-lts-r1 , < 2026-lts-r3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-52865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:36:49.413847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:36:57.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Ingress",
                "TransportServer"
              ],
              "product": "NGINX Ingress Controller",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "5.5.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026-lts-r3",
                  "status": "affected",
                  "version": "2026-lts-r1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate.\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e \u003cbr\u003e\u003cbr\u003e\n\nImpact:\u003cbr\u003eThe NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. \n\n\n\nImpact:\nThe NGINX Ingress Controller control plane process terminates and enters a persistent crash loop while the malformed Ingress or TransportServer resource remains in the cluster. This vulnerability allows a remote, authenticated attacker with at least Ingress or TransportServer resource write access to cause a denial-of-service (DoS) on the NGINX Ingress Controller system. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:45.155Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161834"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Ingress Controller vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-52865",
        "datePublished": "2026-07-15T14:33:45.155Z",
        "dateReserved": "2026-06-17T23:45:50.281Z",
        "dateUpdated": "2026-07-15T15:36:57.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55723 (GCVE-0-2026-55723)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:36
    VLAI
    Title
    NGINX Ingress Controller vulnerability
    Summary
    When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. Impact: An authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-76 - Improper Neutralization of Equivalent Special Elements
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000161800 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 NGINX Ingress Controller Affected: 5.0.0 , < 5.5.2 (custom)
    Affected: 2026-lts-r1 , < 2026-lts-r3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55723",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:35:46.076453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:36:16.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions",
                "Ingress Annotations"
              ],
              "product": "NGINX Ingress Controller",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "5.5.2",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026-lts-r3",
                  "status": "affected",
                  "version": "2026-lts-r1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives.\u003c/span\u003e \u003cbr\u003e\u003cbr\u003eImpact:\u003cbr\u003eAn authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.\u003cbr\u003e\u003cbr\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Ingress Controller is configured with Custom Resource Definitions (CRDs) or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without sanitization. An authenticated attacker with permission to create or modify these CRDs or annotations may craft values that inject arbitrary NGINX configuration directives. \n\nImpact:\nAn authenticated attacker granted write access to NGINX Ingress Controller CRDs or Ingress annotations through the Kubernetes API may be able to inject arbitrary NGINX configuration directives, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-76",
                  "description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:44.806Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161800"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Ingress Controller vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-55723",
        "datePublished": "2026-07-15T14:33:44.806Z",
        "dateReserved": "2026-06-17T23:45:50.277Z",
        "dateUpdated": "2026-07-15T15:36:16.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59762 (GCVE-0-2026-59762)

    Vulnerability from cvelistv5 – Published: 2026-07-15 14:33 – Updated: 2026-07-15 15:35
    VLAI
    Title
    BIG-IP HTTP/2 vulnerability
    Summary
    When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.   Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    f5
    References
    URL Tags
    https://my.f5.com/manage/s/article/K000162231 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    F5 BIG-IP Affected: 21.1.0 , < 21.1.0.1 (custom)
    Affected: 21.0.0 , < 21.0.0.3 (custom)
    Affected: 17.5.0 , < 17.5.1.8 (custom)
    Affected: 17.1.0 , < 17.1.3.4 (custom)
    Create a notification for this product.
    F5 BIG-IP Next for Kubernetes Affected: 2.3.0 , < 2.3.2 (custom)
    Affected: 2.0.0 , < 2.2.3 (custom)
    Create a notification for this product.
    F5 BIG-IP Next SPK Affected: 1.9.0 , < * (custom)
    Affected: 1.7.0 , < 1.7.18 (custom)
    Create a notification for this product.
    F5 BIG-IP Next CNF Affected: 2.3.0 , < 2.3.2 (custom)
    Affected: 2.0.0 , < 2.2.3 (custom)
    Affected: 1.1.0 , < 1.4.3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 14:00
    Credits
    F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:34:45.499391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:35:16.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "All Modules"
              ],
              "product": "BIG-IP",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "21.1.0.1",
                  "status": "affected",
                  "version": "21.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "21.0.0.3",
                  "status": "affected",
                  "version": "21.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5.1.8",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.1.3.4",
                  "status": "affected",
                  "version": "17.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next for Kubernetes",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.3.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.3",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next SPK",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.7.18",
                  "status": "affected",
                  "version": "1.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "modules": [
                "TMM"
              ],
              "product": "BIG-IP Next CNF",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.3.2",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.3",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "F5 acknowledges the Okta Red Team of Okta for bringing this issue to our attention and following the highest standards of coordinated disclosure."
            }
          ],
          "datePublic": "2026-07-15T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u003c/span\u003e\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImpact:\u003cbr\u003eSystem performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.\u003cbr\u003e\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.\u00a0\u00a0\n\n\n\n\n\n\n\n\n\nImpact:\nSystem performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.\n\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Standard Deployment"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Standard Deployment"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T14:33:44.468Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://my.f5.com/manage/s/article/K000162231"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "BIG-IP HTTP/2 vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-59762",
        "datePublished": "2026-07-15T14:33:44.468Z",
        "dateReserved": "2026-07-08T15:49:43.031Z",
        "dateUpdated": "2026-07-15T15:35:16.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32682 (GCVE-0-2026-32682)

    Vulnerability from cvelistv5 – Published: 2026-06-17 20:05 – Updated: 2026-06-18 12:57
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 1.3.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T12:57:19.705230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T12:57:26.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "GRPCRoutes"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T20:05:17.808Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161786"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-32682",
        "datePublished": "2026-06-17T20:05:17.808Z",
        "dateReserved": "2026-06-17T16:35:56.342Z",
        "dateUpdated": "2026-06-18T12:57:26.063Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50107 (GCVE-0-2026-50107)

    Vulnerability from cvelistv5 – Published: 2026-06-17 20:04 – Updated: 2026-06-18 12:57
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 2.3.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50107",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T12:57:49.527832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T12:57:56.612Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "2.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the \u003c/span\u003e\u003cstrong\u003eNginxProxy\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy\u00a0Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T20:04:44.518Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161785"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-50107",
        "datePublished": "2026-06-17T20:04:44.518Z",
        "dateReserved": "2026-06-17T16:35:56.336Z",
        "dateUpdated": "2026-06-18T12:57:56.612Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11311 (GCVE-0-2026-11311)

    Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-06-17 15:42 X_F5
    VLAI
    Title
    NGINX Gateway Fabric vulnerability
    Summary
    When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-76 - Improper Neutralization of Equvalent Special Elements
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Gateway Fabric Affected: 2.5.0 , < 2.6.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    F5
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11311",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:42:03.715663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:42:37.296Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Custom Resource Definitions"
              ],
              "product": "NGINX Gateway Fabric",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "2.6.4",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "F5"
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the \u003c/span\u003e\u003cstrong\u003eNginxProxy\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition \u003c/span\u003e\u003cstrong\u003eserverTokens\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;field and the \u003c/span\u003e\u003cstrong\u003eAuthenticationFilter\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Custom Resource Definition \u003c/span\u003e\u003cstrong\u003eextraAuthArgs\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy\u00a0Custom Resource Definition serverTokens\u00a0field and the AuthenticationFilter\u00a0Custom Resource Definition extraAuthArgs\u00a0field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-76",
                  "description": "CWE-76 Improper Neutralization of Equvalent Special Elements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:33.197Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161611"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX Gateway Fabric vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-11311",
        "datePublished": "2026-06-17T14:04:33.197Z",
        "dateReserved": "2026-06-04T18:01:54.825Z",
        "dateUpdated": "2026-06-17T15:42:37.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-48142 (GCVE-0-2026-48142)

    Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-06-17 15:42 X_F5
    VLAI
    Title
    NGINX ngx_http_charset_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Open Source Affected: 1.13.10 , < 1.31.2 (custom)
    Affected: 1.30.0 , < 1.30.3 (custom)
    Create a notification for this product.
    F5 NGINX Plus Affected: 37.0 , < 37.0.2.1 (custom)
    Affected: R36 , < R36 P6 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-48142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T15:42:46.410409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T15:42:56.704Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_charset_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.13.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.3",
                  "status": "affected",
                  "version": "1.30.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_charset_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.2.1",
                  "status": "affected",
                  "version": "37.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P6",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. When content is served or proxied through a location block with both \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;utf-8; and a \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive (for example, \u003c/span\u003e\u003cstrong\u003echarset koi8-r\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module\u00a0module. When content is served or proxied through a location block with both source_charset\u00a0utf-8; and a charset\u00a0directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.856Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161585"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX ngx_http_charset_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-48142",
        "datePublished": "2026-06-17T14:04:32.856Z",
        "dateReserved": "2026-06-02T21:45:04.856Z",
        "dateUpdated": "2026-06-17T15:42:56.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42055 (GCVE-0-2026-42055)

    Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-07-15 00:58 X_F5
    VLAI
    Title
    NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
    Summary
    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    f5
    References
    Impacted products
    Vendor Product Version
    F5 NGINX Open Source Affected: 1.13.10 , < 1.31.2 (custom)
    Affected: 1.30.2 , < 1.30.3 (custom)
    Create a notification for this product.
    F5 NGINX Plus Affected: 37.0 , < 37.0.2.1 (custom)
    Affected: R36 , < R36 P6 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 2:1.26.3-6.el10_2.5 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260707171317.489197e6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 2:1.20.1-28.el9_8.4 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260707164406.9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 9080020260707110000.9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images Unaffected: 1.30.3-2.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Create a notification for this product.
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and 章鱼哥 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:57:46.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2:1.26.3-6.el10_2.5",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.24",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260707171317.489197e6",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2:1.20.1-28.el9_8.4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.24",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "9080020260707164406.9",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx:1.26",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "9080020260707110000.9",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx-main",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1.30.3-2.hum1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/ocs-client-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "affected",
                "packageName": "odf4/odf-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "odf4/odf-multicluster-console-rhel9",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-17T14:04:32.520Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart of the NGINX worker process and a Denial of Service (DoS). Under certain conditions, such as when Address Space Layout Randomization (ASLR) is disabled or bypassed, this vulnerability could also allow for arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-131",
                    "description": "Incorrect Calculation of Buffer Size",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:58:16.251Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
              },
              {
                "name": "RHBZ#2489866",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42055.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:38847"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36618"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36331"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36639"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27197"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:36364: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:38847: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36618: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36331: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36639: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27197: Red Hat Hardened Images"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-17T16:01:41.848Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-17T14:04:32.520Z",
                "value": "Made public."
              }
            ],
            "title": "nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, ensure that the `ignore_invalid_headers` directive is set to `on` in your NGINX configuration, or reduce the size specified by the `large_client_header_buffers` directive to 2 megabytes or less. These changes require an NGINX service reload or restart to take effect. Reloading the NGINX service is generally safe, but a restart will briefly interrupt service."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_proxy_v2_module",
                "ngx_http_grpc_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.13.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.30.3",
                  "status": "affected",
                  "version": "1.30.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "modules": [
                "ngx_http_proxy_v2_module",
                "ngx_http_grpc_module"
              ],
              "product": "NGINX Plus",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "37.0.2.1",
                  "status": "affected",
                  "version": "37.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "R36 P6",
                  "status": "affected",
                  "version": "R36",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and \u7ae0\u9c7c\u54e5 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_proxy_v2_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003engx_http_grpc_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;modules. This vulnerability exists when the \u003c/span\u003e\u003cstrong\u003eproxy_http_version to 2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003cstrong\u003egrpc_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directives are used to proxy HTTP/2 traffic, the \u003c/span\u003e\u003cstrong\u003eignore_invalid_headers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is set to off, and the \u003c/span\u003e\u003cstrong\u003elarge_client_header_buffers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module\u00a0and ngx_http_grpc_module\u00a0modules. This vulnerability exists when the proxy_http_version to 2\u00a0or grpc_pass\u00a0directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers\u00a0directive is set to off, and the large_client_header_buffers\u00a0directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.520Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161584"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42055",
        "datePublished": "2026-06-17T14:04:32.520Z",
        "dateReserved": "2026-06-02T21:45:04.818Z",
        "dateUpdated": "2026-07-15T00:58:16.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42530 (GCVE-0-2026-42530)

    Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-07-15 00:57 X_F5
    VLAI
    Title
    NGINX Open-Source ngx_http_v3_module vulnerability
    Summary
    NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    f5
    Impacted products
    Date Public
    2026-06-17 14:00
    Credits
    "F5 acknowledges Trung Nguyen (@everping) of CyStack, Zhenpeng (Leo) Lin (depthfirst), Evan Hellman (@xintenseapple) of Trail of Bits in collaboration with OpenAI, AntAISecurityLab, and Nebula Security (@nebusecurity) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42530",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:57:47.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.24/nginx",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.24/nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "unaffected",
                "packageName": "nginx:1.26/nginx",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "nginx",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:insights_proxy:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "insights-proxy/insights-proxy-container-rhel9",
                "product": "Red Hat Lightspeed proxy 1",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-17T14:04:32.173Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the ngx_http_v3_module module of NGINX. When NGINX is configured to use the HTTP/3 QUIC module, an attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream and cause a use-after-free issue, potentially allowing code execution or a denial of service by forcing the process to restart."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:57:24.949Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-42530"
              },
              {
                "name": "RHBZ#2489872",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489872"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42530.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-17T16:02:06.547Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-17T14:04:32.173Z",
                "value": "Made public."
              }
            ],
            "title": "nginx: ngx_http_v3_module: use-after-free issue leads to denial of service",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, disable HTTP/3 by removing quic from all listen directives."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "ngx_http_v3_module"
              ],
              "product": "NGINX Open Source",
              "vendor": "F5",
              "versions": [
                {
                  "lessThan": "1.31.2",
                  "status": "affected",
                  "version": "1.31.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "\"F5 acknowledges Trung Nguyen (@everping) of CyStack, Zhenpeng (Leo) Lin (depthfirst), Evan Hellman (@xintenseapple) of Trail of Bits in collaboration with OpenAI, AntAISecurityLab, and Nebula Security (@nebusecurity) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
            }
          ],
          "datePublic": "2026-06-17T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Open Source has a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_v3_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
                }
              ],
              "value": "NGINX Open Source has a vulnerability in the ngx_http_v3_module\u00a0module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T14:04:32.173Z",
            "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
            "shortName": "f5"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://my.f5.com/manage/s/article/K000161616"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_F5"
          ],
          "title": "NGINX Open-Source ngx_http_v3_module vulnerability",
          "x_generator": {
            "engine": "F5 SIRTBot v1.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "assignerShortName": "f5",
        "cveId": "CVE-2026-42530",
        "datePublished": "2026-06-17T14:04:32.173Z",
        "dateReserved": "2026-06-02T21:45:04.719Z",
        "dateUpdated": "2026-07-15T00:57:24.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49975 (GCVE-0-2026-49975)

    Vulnerability from cvelistv5 – Published: 2026-06-08 15:26 – Updated: 2026-07-15 00:47
    VLAI
    Title
    Apache HTTP Server: mod_http2 denial of service
    Summary
    Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-789 - Memory Allocation with Excessive Size Value
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache HTTP Server Affected: 2.4.17 , ≤ 2.4.67 (semver)
    Create a notification for this product.
    Red Hat JBoss Core Services for RHEL 8 Unaffected: 0:2.4.62-13.el8jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat JBoss Core Services for RHEL 8 Unaffected: 0:2.0.29-10.el8jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el8
    Create a notification for this product.
    Red Hat JBoss Core Services on RHEL 7 Unaffected: 0:2.4.62-13.el7jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat JBoss Core Services on RHEL 7 Unaffected: 0:2.0.29-10.el7jbcs , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1::el7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.0.29-4.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020260608081321.489197e6 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020260702193120.522a0ee4 , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020260702193120.522a0ee4 , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.4
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020260702195216.ad008a3a , < * (rpm)
        cpe:/a:redhat:rhel_aus:8.6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Unaffected: 8060020260702195216.ad008a3a , < * (rpm)
        cpe:/a:redhat:rhel_eus_long_life:8.6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020260702200145.63b34585 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020260702200145.63b34585 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.0.26-6.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services 2.4.62.SP4 Unaffected: httpd24-httpd , < * (rpm)
    Unaffected: httpd24-mod_http2 , < * (rpm)
        cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat Hardened Images Unaffected: 2.4.68-1.hum1 , < * (rpm)
        cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6 Unaffected: 1781604724 , < * (rpm)
        cpe:/a:redhat:service_mesh:2.6::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Core Services     cpe:/a:redhat:jboss_core_services:1
    Create a notification for this product.
    Red Hat Red Hat JBoss Web Server 5     cpe:/a:redhat:jboss_enterprise_web_server:5
    Create a notification for this product.
    Credits
    Quang Luong of Calif.IO in collaboration with OpenAI Codex
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-08T22:32:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/03/3"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/08/16"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49975",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T10:27:36.270403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T10:29:04.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/EQSTLab/CVE-2026-49975"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-httpd",
                "product": "JBoss Core Services for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.4.62-13.el8jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el8"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-mod_http2",
                "product": "JBoss Core Services for RHEL 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-10.el8jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-httpd",
                "product": "JBoss Core Services on RHEL 7",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.4.62-13.el7jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1::el7"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs-httpd24-mod_http2",
                "product": "JBoss Core Services on RHEL 7",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-10.el7jbcs",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "mod_http2",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.29-4.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8100020260608081321.489197e6",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8040020260702193120.522a0ee4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8040020260702193120.522a0ee4",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8060020260702195216.ad008a3a",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.6"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8060020260702195216.ad008a3a",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8080020260702200145.63b34585",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd:2.4",
                "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "8080020260702200145.63b34585",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "mod_http2",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "0:2.0.26-6.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "affected",
                "packageName": "jbcs",
                "product": "Red Hat JBoss Core Services 2.4.62.SP4",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "httpd24-httpd",
                    "versionType": "rpm"
                  },
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "httpd24-mod_http2",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "packageName": "httpd-main",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "2.4.68-1.hum1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://catalog.redhat.com/software/containers/",
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el9"
                ],
                "defaultStatus": "affected",
                "packageName": "openshift-service-mesh/proxyv2-rhel9",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1781604724",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apache-commons-daemon",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apache-commons-daemon-jsvc",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr-util",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-brotli",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-compose",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-curl",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-dist",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-jansson",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_cluster-native",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_jk",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_md",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_proxy_cluster",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-mod_security",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-nghttp2",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl-chil",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_core_services:1"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl-pkcs11",
                "product": "Red Hat JBoss Core Services",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-apr",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:jboss_enterprise_web_server:5"
                ],
                "defaultStatus": "unaffected",
                "packageName": "jbcs-httpd24-openssl",
                "product": "Red Hat JBoss Web Server 5",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-03T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-409",
                    "description": "Improper Handling of Highly Compressed Data (Data Amplification)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T00:47:26.100Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
              },
              {
                "name": "RHBZ#2485371",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27200"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25225"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25090"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36846"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36373"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25057"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27114"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:27200: Red Hat JBoss Core Services on RHEL 7 Server, Red Hat JBoss Core Services on RHEL 8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25225: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25090: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36846: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36831: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36373: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25057: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25042: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27201: Red Hat JBoss Core Services 2.4.62.SP4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27114: Red Hat OpenShift Service Mesh 2.6"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-05T06:04:44.009Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-03T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "httpd: httpd: HTTP/2 Remote Denial of Service via compression bomb and Slowloris-style attack",
            "workarounds": [
              {
                "lang": "en",
                "value": "See the security bulletin for a detailed mitigation procedure."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache HTTP Server",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.67",
                  "status": "affected",
                  "version": "2.4.17",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\n\nThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "CWE-789 Memory Allocation with Excessive Size Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T15:26:04.674Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-26T12:00:00.000Z",
              "value": "reported"
            },
            {
              "lang": "en",
              "time": "2026-05-27T12:00:00.000Z",
              "value": "fixed upstream in mod_h2 https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c"
            },
            {
              "lang": "en",
              "time": "2026-06-02T12:00:00.000Z",
              "value": "fixed in 2.4.x by r1934882"
            },
            {
              "lang": "eng",
              "time": "2026-06-08T12:00:00.000Z",
              "value": "2.4.68 released"
            }
          ],
          "title": "Apache HTTP Server: mod_http2 denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2026-49975",
        "datePublished": "2026-06-08T15:26:04.674Z",
        "dateReserved": "2026-06-02T17:20:37.983Z",
        "dateUpdated": "2026-07-15T00:47:26.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }