Search CVE reports


Toggle filters

1 – 10 of 83 results


CVE-2026-60005

Medium priority
Needs evaluation

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-56434

Medium priority
Needs evaluation

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-42533

Medium priority
Needs evaluation

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively,...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-48142

Medium priority

Some fixes available 4 of 8

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2026-42055

Medium priority

Some fixes available 4 of 8

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2026-42530

Medium priority
Not affected

NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-11311

Medium priority
Not affected

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-49975

Medium priority

Some fixes available 8 of 13

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

2 affected packages

apache2, nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Fixed Fixed Fixed Vulnerable Vulnerable
nginx Fixed Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2026-9256

Medium priority
Fixed

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression...

1 affected package

nginx

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nginx Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2026-8711

Medium priority
Fixed

NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation...

1 affected package

libnginx-mod-js

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libnginx-mod-js Fixed Not affected Not in release
Show less packages