
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000161131 • CWE-172: Encoding Error •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000161068 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000161027 • CWE-789: Memory Allocation with Excessive Size Value • CWE-823: Use of Out-of-range Pointer Offset •

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When the charset, source_charset, and charset_map directives and proxy_pass with disabled buffering ("off") are configured, unauthenticated attackers can send requests that, along with conditions beyond the attackers' control, cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evalu... • https://my.f5.com/manage/s/article/K000161028 • CWE-125: Out-of-bounds Read •

CVSS: 9.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow... • https://my.f5.com/manage/s/article/K000161019 • CWE-122: Heap-based Buffer Overflow •

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2026 — NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX w... • https://my.f5.com/manage/s/article/K000161021 • CWE-416: Use After Free •

CVSS: 8.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 May 2026 — When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000161023 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 May 2026 — When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000160876 • CWE-35: Path Traversal: '.../ •

CVSS: 6.9 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 May 2026 — When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000160911 • CWE-35: Path Traversal: '.../ •

CVSS: 8.7 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 May 2026 — When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. • https://my.f5.com/manage/s/article/K000160945 • CWE-824: Access of Uninitialized Pointer •