F5 Patches Two Critical NGINX Flaws Enabling Remote Code Execution
F5 releases out-of-band patches for CVE-2026-42530 and CVE-2026-42055, both CVSS 9.2 vulnerabilities in NGINX Open Source that allow unauthenticated remote code execution.
5 articles tagged with "Nginx"
F5 releases out-of-band patches for CVE-2026-42530 and CVE-2026-42055, both CVSS 9.2 vulnerabilities in NGINX Open Source that allow unauthenticated remote code execution.
CVE-2026-49975 combines HPACK compression abuse with Slowloris-style holds to exhaust 32GB of server memory in 10 seconds. nginx and Apache patched; IIS, Envoy remain exposed.
Security researchers disclose nginx-poolslip, an unpatched zero-day in NGINX 1.31.0 that defeats ASLR protection. Millions of servers at risk with no CVE or fix available yet.
CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module that went undetected since 2008. CVSS 9.2 with public PoC available—patch now.
Over 1,000 IPs exploit CVE-2025-55182 to inject malicious NGINX configs that redirect web traffic through attacker infrastructure, targeting Asian government and education sites.