Vulnerability-Lookup

RHSA-2026:27197

Vulnerability from csaf_redhat - Published: 2026-06-19 09:14 - Updated: 2026-06-30 04:25

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Important

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: nginx: * nginx-1.30.3-2.hum1 (aarch64, x86_64) * nginx-all-modules-1.30.3-2.hum1 (noarch) * nginx-core-1.30.3-2.hum1 (aarch64, x86_64) * nginx-filesystem-1.30.3-2.hum1 (noarch) * nginx-mod-devel-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-http-geoip-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-http-image-filter-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-http-perl-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-http-xslt-filter-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-mail-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-stream-1.30.3-2.hum1 (aarch64, x86_64) * nginx-mod-stream-geoip-1.30.3-2.hum1 (aarch64, x86_64) * nginx-1.30.3-2.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart of the NGINX worker process and a Denial of Service (DoS). Under certain conditions, such as when Address Space Layout Randomization (ASLR) is disabled or bypassed, this vulnerability could also allow for arbitrary code execution.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2026-48142

A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the `ngx_http_charset_module` when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting the NGINX worker process.

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

16 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:27197	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-48142	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2026-42055	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-42055	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489866	external
https://www.cve.org/CVERecord?id=CVE-2026-42055	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42055	external
https://my.f5.com/manage/s/article/K000161584	external
https://access.redhat.com/security/cve/CVE-2026-48142	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489858	external
https://www.cve.org/CVERecord?id=CVE-2026-48142	external
https://nvd.nist.gov/vuln/detail/CVE-2026-48142	external
https://my.f5.com/manage/s/article/K000161585	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nnginx:\n  * nginx-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-all-modules-1.30.3-2.hum1 (noarch)\n  * nginx-core-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-filesystem-1.30.3-2.hum1 (noarch)\n  * nginx-mod-devel-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-http-geoip-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-http-image-filter-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-http-perl-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-http-xslt-filter-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-mail-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-stream-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-mod-stream-geoip-1.30.3-2.hum1 (aarch64, x86_64)\n  * nginx-1.30.3-2.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:27197",
        "url": "https://access.redhat.com/errata/RHSA-2026:27197"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-48142",
        "url": "https://access.redhat.com/security/cve/CVE-2026-48142"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42055",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27197.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-30T04:25:57+00:00",
      "generator": {
        "date": "2026-06-30T04:25:57+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.0"
        }
      },
      "id": "RHSA-2026:27197",
      "initial_release_date": "2026-06-19T09:14:37+00:00",
      "revision_history": [
        {
          "date": "2026-06-19T09:14:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-26T14:09:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T04:25:57+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@aarch64",
                "product": {
                  "name": "nginx-main@aarch64",
                  "product_id": "nginx-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.3-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@src",
                "product": {
                  "name": "nginx-main@src",
                  "product_id": "nginx-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.3-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@x86_64",
                "product": {
                  "name": "nginx-main@x86_64",
                  "product_id": "nginx-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx@1.30.3-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-main@noarch",
                "product": {
                  "name": "nginx-main@noarch",
                  "product_id": "nginx-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nginx-all-modules@1.30.3-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@aarch64"
        },
        "product_reference": "nginx-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@noarch"
        },
        "product_reference": "nginx-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@src"
        },
        "product_reference": "nginx-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nginx-main@x86_64"
        },
        "product_reference": "nginx-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-42055",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-06-17T16:01:41.848723+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489866"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart of the NGINX worker process and a Denial of Service (DoS). Under certain conditions, such as when Address Space Layout Randomization (ASLR) is disabled or bypassed, this vulnerability could also allow for arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is classified as Important severity primarily because:\nConditions for Exploitation: A remote, unauthenticated attacker can only exploit this if NGINX is explicitly configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module.\n\nImpact Limitations: While the flaw reliably causes a Denial of Service (worker restart), achieving arbitrary code execution is highly complex in modern environments as it requires the attacker to bypass or disable Address Space Layout Randomization (ASLR)",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489866",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42055",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42055"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42055",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42055"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000161584",
          "url": "https://my.f5.com/manage/s/article/K000161584"
        }
      ],
      "release_date": "2026-06-17T14:04:32.520000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-19T09:14:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27197"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, ensure that the `ignore_invalid_headers` directive is set to `on` in your NGINX configuration, or reduce the size specified by the `large_client_header_buffers` directive to 2 megabytes or less. These changes require an NGINX service reload or restart to take effect. Reloading the NGINX service is generally safe, but a restart will briefly interrupt service.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers"
    },
    {
      "cve": "CVE-2026-48142",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2026-06-17T16:01:11.259630+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489858"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the `ngx_http_charset_module` when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting the NGINX worker process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nginx: NGINX: Memory disclosure or denial of service via ngx_http_charset_module heap buffer over-read",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nginx-main@aarch64",
          "Red Hat Hardened Images:nginx-main@noarch",
          "Red Hat Hardened Images:nginx-main@src",
          "Red Hat Hardened Images:nginx-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-48142"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489858",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489858"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-48142",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-48142"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48142",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48142"
        },
        {
          "category": "external",
          "summary": "https://my.f5.com/manage/s/article/K000161585",
          "url": "https://my.f5.com/manage/s/article/K000161585"
        }
      ],
      "release_date": "2026-06-17T14:04:32.856000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-19T09:14:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27197"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, avoid configuring NGINX with both `source_charset utf-8;` and an additional `charset` directive within the same location block in the `ngx_http_charset_module`. If these directives are not essential for your NGINX deployment, removing one or both will prevent the vulnerability from being exploited. After modifying the NGINX configuration, reload the NGINX service using `systemctl reload nginx`. This action may temporarily interrupt active connections.",
          "product_ids": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nginx-main@aarch64",
            "Red Hat Hardened Images:nginx-main@noarch",
            "Red Hat Hardened Images:nginx-main@src",
            "Red Hat Hardened Images:nginx-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nginx: NGINX: Memory disclosure or denial of service via ngx_http_charset_module heap buffer over-read"
    }
  ]
}

CVE-2026-42055 (GCVE-0-2026-42055)

Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-06-30 03:20 X_F5

Title

NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

References

5 references

URL	Tags
https://my.f5.com/manage/s/article/K000161584	vendor-advisory
https://access.redhat.com/security/cve/CVE-2026-42055	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2489866	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:27197	vendor-advisoryx_refsource_REDHAT

Impacted products

6 products

Vendor	Product	Version
F5	NGINX Open Source	Affected: 1.13.10 , < 1.31.2 (custom) Affected: 1.30.2 , < 1.30.3 (custom)
F5	NGINX Plus	Affected: 37.0 , < 37.0.2.1 (custom) Affected: R36 , < R36 P6 (custom)
Red Hat	Red Hat Hardened Images	cpe:/a:redhat:hummingbird:1
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Date Public

2026-06-17 14:00

Credits

"F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and 章鱼哥 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure."

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T03:57:46.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-17T14:04:32.520Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngx_http_proxy_v2_module or ngx_http_grpc_module with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart of the NGINX worker process and a Denial of Service (DoS). Under certain conditions, such as when Address Space Layout Randomization (ASLR) is disabled or bypassed, this vulnerability could also allow for arbitrary code execution."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-131",
                "description": "Incorrect Calculation of Buffer Size",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:20:55.068Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
          },
          {
            "name": "RHBZ#2489866",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42055.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:27197"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:27197: Red Hat Hardened Images"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-17T16:01:41.848Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-17T14:04:32.520Z",
            "value": "Made public."
          }
        ],
        "title": "nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this vulnerability, ensure that the `ignore_invalid_headers` directive is set to `on` in your NGINX configuration, or reduce the size specified by the `large_client_header_buffers` directive to 2 megabytes or less. These changes require an NGINX service reload or restart to take effect. Reloading the NGINX service is generally safe, but a restart will briefly interrupt service."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_proxy_v2_module",
            "ngx_http_grpc_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.31.2",
              "status": "affected",
              "version": "1.13.10",
              "versionType": "custom"
            },
            {
              "lessThan": "1.30.3",
              "status": "affected",
              "version": "1.30.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_proxy_v2_module",
            "ngx_http_grpc_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "37.0.2.1",
              "status": "affected",
              "version": "37.0",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P6",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "\"F5 acknowledges Mufeed VH of Winfunc Research, Trung Nguyen (@everping) of CyStack, Feng Xue and XGPT of ThreatBook, Hcamael and \u7ae0\u9c7c\u54e5 of aipyapp, and Zhen Yan (AntAISecurityLab) for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
        }
      ],
      "datePublic": "2026-06-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_proxy_v2_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003engx_http_grpc_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;modules. This vulnerability exists when the \u003c/span\u003e\u003cstrong\u003eproxy_http_version to 2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003cstrong\u003egrpc_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directives are used to proxy HTTP/2 traffic, the \u003c/span\u003e\u003cstrong\u003eignore_invalid_headers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is set to off, and the \u003c/span\u003e\u003cstrong\u003elarge_client_header_buffers\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module\u00a0and ngx_http_grpc_module\u00a0modules. This vulnerability exists when the proxy_http_version to 2\u00a0or grpc_pass\u00a0directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers\u00a0directive is set to off, and the large_client_header_buffers\u00a0directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T14:04:32.520Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161584"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_F5"
      ],
      "title": "NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-42055",
    "datePublished": "2026-06-17T14:04:32.520Z",
    "dateReserved": "2026-06-02T21:45:04.818Z",
    "dateUpdated": "2026-06-30T03:20:55.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48142 (GCVE-0-2026-48142)

Vulnerability from cvelistv5 – Published: 2026-06-17 14:04 – Updated: 2026-06-17 15:42 X_F5

Title

NGINX ngx_http_charset_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161585	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Open Source	Affected: 1.13.10 , < 1.31.2 (custom) Affected: 1.30.0 , < 1.30.3 (custom)
F5	NGINX Plus	Affected: 37.0 , < 37.0.2.1 (custom) Affected: R36 , < R36 P6 (custom)

Date Public

2026-06-17 14:00

Credits

"F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure."

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T15:42:46.410409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T15:42:56.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.31.2",
              "status": "affected",
              "version": "1.13.10",
              "versionType": "custom"
            },
            {
              "lessThan": "1.30.3",
              "status": "affected",
              "version": "1.30.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "37.0.2.1",
              "status": "affected",
              "version": "37.0",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P6",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "\"F5 acknowledges p4p3r of CYBERONE and Han Yan of Xiaomi for bringing this issue to our attention and following the highest standards of coordinated disclosure.\""
        }
      ],
      "datePublic": "2026-06-17T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. When content is served or proxied through a location block with both \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;utf-8; and a \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive (for example, \u003c/span\u003e\u003cstrong\u003echarset koi8-r\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module\u00a0module. When content is served or proxied through a location block with both source_charset\u00a0utf-8; and a charset\u00a0directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T14:04:32.856Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161585"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_F5"
      ],
      "title": "NGINX ngx_http_charset_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-48142",
    "datePublished": "2026-06-17T14:04:32.856Z",
    "dateReserved": "2026-06-02T21:45:04.856Z",
    "dateUpdated": "2026-06-17T15:42:56.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:27197

CVE-2026-42055 (GCVE-0-2026-42055)

CVE-2026-48142 (GCVE-0-2026-48142)

Tags

Sightings

Nomenclature