Vulnerability-Lookup

CVE-2026-42934 (GCVE-0-2026-42934)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:07

Title

NGINX ngx_http_charset_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161028	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Plus	Unaffected: R37 , < * (custom) Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom)
F5	NGINX Open Source	Unaffected: 1.31.0 , < * (semver) Affected: 0.3.50 , < 1.30.1 (semver)

Date Public ?

2026-05-13 14:00

Credits

F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:55:18.483975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:07:10.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "R37",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P4",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P6",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.31.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "0.3.50",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module \u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emodule. When \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and \u003c/span\u003e\u003cstrong\u003echarset_map\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003eproxy_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:44.331Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161028"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_charset_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-42934",
    "datePublished": "2026-05-13T14:12:44.331Z",
    "dateReserved": "2026-04-30T23:04:27.960Z",
    "dateUpdated": "2026-05-13T16:07:10.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-42934",
      "date": "2026-05-15",
      "epss": "0.00035",
      "percentile": "0.10403"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-42934\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2026-05-13T16:16:49.910\",\"lastModified\":\"2026-05-13T16:27:11.127\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\\n\\n\\n\\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000161028\",\"source\":\"f5sirt@f5.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T15:55:18.483975Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T16:07:05.799Z\"}}], \"cna\": {\"title\": \"NGINX ngx_http_charset_module vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"ngx_http_charset_module\"], \"product\": \"NGINX Plus\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"R37\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R36\", \"lessThan\": \"R36 P4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R32\", \"lessThan\": \"R32 P6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"F5\", \"modules\": [\"ngx_http_charset_module\"], \"product\": \"NGINX Open Source\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.31.0\", \"lessThan\": \"*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.3.50\", \"lessThan\": \"1.30.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-05-13T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000161028\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\\u00a0and proxy_pass\\u00a0with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\\n\\n\\n\\n\\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module \u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003emodule. When \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e, \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e, and \u003c/span\u003e\u003cstrong\u003echarset_map\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003eproxy_pass\u003c/strong\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;with disabled buffering (\\\"off\\\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e\\n\\n\u003c/span\u003e\\n\\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2026-05-13T14:12:44.331Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-42934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T16:07:10.334Z\", \"dateReserved\": \"2026-04-30T23:04:27.960Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2026-05-13T14:12:44.331Z\", \"assignerShortName\": \"f5\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

bit-nginx-2026-42934

Vulnerability from bitnami_vulndb

Published

2026-05-15 08:50

Modified

2026-05-15 09:12

Summary

NGINX ngx_http_charset_module vulnerability

Details

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "nginx",
        "purl": "pkg:bitnami/nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.50"
            },
            {
              "fixed": "1.30.1"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "type": "CVSS_V4"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42934"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "BIT-nginx-2026-42934",
  "modified": "2026-05-15T09:12:54.074Z",
  "published": "2026-05-15T08:50:06.374Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000161028"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42934"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "NGINX ngx_http_charset_module vulnerability"
}

CERTFR-2026-AVI-0591

Vulnerability from certfr_avis - Published: 2026-05-15 - Updated: 2026-05-15

De multiples vulnérabilités ont été découvertes dans les produits F5. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
F5	N/A	BIG-IP APM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	N/A	BIG-IP DNS versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	N/A	BIG-IP Advanced WAF/ASM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	BIG-IP	BIG-IP versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	BIG-IP Next	BIG-IP Next for Kubernetes versions 2.x antérieures à 2.2.0
F5	NGINX	F5 DoS for NGINX versions 4.8.0
F5	BIG-IP	BIG-IP versions 16.1.0 à 16.1.6 antérieures à 17.1.3
F5	N/A	BIG-IP DNS versions 17.5.0 à 17.5.1 antérieures à 21.0.0
F5	BIG-IP Next	BIG-IP Next SPK versions 1.7.0 à 1.7.16 antérieures à 1.7.17
F5	BIG-IP	BIG-IP versions 21.0.x antérieures à 21.0.0.2
F5	N/A	BIG-IP SSL Orchestrator versions 21.0.0 antérieures à 21.0.0.1 (SSL Orchestrator 13.1.3)
F5	BIG-IP Next	BIG-IP Next SPK versions 2.0.0 à 2.0.2 antérieures à 2.0.3
F5	NGINX	NGINX Open Source versions 1.0.0 à 1.30.0 antérieures à 1.30.1
F5	N/A	BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	NGINX	NGINX Gateway Fabric versions 1.3.0 à 1.6.2
F5	BIG-IP Next	BIG-IP Next CNF versions 2.0.0 à 2.0.2 antérieures à 2.0.3
F5	NGINX	NGINX App Protect DoS versions 4.3.0 à 4.7.0
F5	N/A	BIG-IP APM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4
F5	NGINX	NGINX App Protect WAF versions 4.9.0 à 4.16.0
F5	N/A	BIG-IP SSL Orchestrator versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1 (SSL Orchestrator 12.3.2)
F5	NGINX	NGINX Ingress Controller versions 5.0.0 à 5.4.2
F5	BIG-IP	BIG-IP versions 17.5.0 à 17.5.1 antérieures à 21.0.0.2
F5	NGINX	NGINX Ingress Controller versions 3.5.0 à 3.7.2
F5	NGINX	NGINX Open Source versions 0.3.50 à 0.9.7 antérieures à 1.30.1
F5	N/A	BIG-IP DNS versions 21.0.x antérieures à 21.0.0.1
F5	NGINX	NGINX Instance Manager versions 2.16.0 à 2.21.1
F5	N/A	BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4
F5	NGINX	NGINX Plus versions R36 antérieures à R36 P4
F5	BIG-IQ	BIG-IQ Centralized Management versions 8.4.0 antérieures à 8.4.1
F5	N/A	BIG-IP SSL Orchestrator versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4 (SSL Orchestrator 12.3.2)
F5	BIG-IP Next	BIG-IP Next CNF versions 1.1.0 à 1.4.0 antérieures à 1.4.1
F5	NGINX	NGINX App Protect WAF versions 5.1.0 à 5.8.0
F5	NGINX	NGINX Gateway Fabric versions 2.0.0 à 2.6.0
F5	NGINX	NGINX Ingress Controller versions 4.0.0 à 4.0.1
F5	N/A	BIG-IP PEM versions 17.1.0 à 17.1.3 antérieures à 17.1.3.1
F5	N/A	BIG-IP APM versions 21.0.x antérieures à 21.0.0.1
F5	N/A	BIG-IP DNS versions 16.1.0 à 16.1.6 antérieures à 17.1.3.1
F5	N/A	BIG-IP PEM versions 21.0.x antérieures à 21.0.0.1
F5	N/A	BIG-IP Advanced WAF/ASM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4
F5	N/A	BIG-IP Advanced WAF/ASM versions 21.0.x antérieures à 21.0.0.1
F5	N/A	BIG-IP PEM versions 17.5.0 à 17.5.1 antérieures à 17.5.1.4
F5	NGINX	NGINX Plus versions R32 antérieures à R32 P6
F5	NGINX	F5 WAF for NGINX versions 5.9.0 à 5.12.1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K000160932

2026-05-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP APM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next for Kubernetes versions 2.x ant\u00e9rieures \u00e0 2.2.0",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "F5 DoS for NGINX versions 4.8.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.0 \u00e0 16.1.6 ant\u00e9rieures \u00e0 17.1.3",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 21.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 1.7.0 \u00e0 1.7.16 ant\u00e9rieures \u00e0 1.7.17",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP SSL Orchestrator versions 21.0.0 ant\u00e9rieures \u00e0 21.0.0.1 (SSL Orchestrator 13.1.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next SPK versions 2.0.0 \u00e0 2.0.2 ant\u00e9rieures \u00e0 2.0.3",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source versions 1.0.0 \u00e0 1.30.0 ant\u00e9rieures \u00e0 1.30.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Gateway Fabric versions 1.3.0 \u00e0 1.6.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 2.0.0 \u00e0 2.0.2 ant\u00e9rieures \u00e0 2.0.3",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect DoS versions 4.3.0 \u00e0 4.7.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect WAF versions 4.9.0 \u00e0 4.16.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP SSL Orchestrator versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1 (SSL Orchestrator 12.3.2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 5.0.0 \u00e0 5.4.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 21.0.0.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 3.5.0 \u00e0 3.7.2",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Open Source versions 0.3.50 \u00e0 0.9.7 ant\u00e9rieures \u00e0 1.30.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Instance Manager versions 2.16.0 \u00e0 2.21.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP BIG-IP Advanced WAF/ASM and BIG-IP DDoS Hybrid Defender versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R36 ant\u00e9rieures \u00e0 R36 P4",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IQ Centralized Management versions 8.4.0 ant\u00e9rieures \u00e0 8.4.1",
      "product": {
        "name": "BIG-IQ",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP SSL Orchestrator versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4 (SSL Orchestrator 12.3.2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Next CNF versions 1.1.0 \u00e0 1.4.0 ant\u00e9rieures \u00e0 1.4.1",
      "product": {
        "name": "BIG-IP Next",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX App Protect WAF versions 5.1.0 \u00e0 5.8.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Gateway Fabric versions 2.0.0 \u00e0 2.6.0",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Ingress Controller versions 4.0.0 \u00e0 4.0.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM versions 17.1.0 \u00e0 17.1.3 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS versions 16.1.0 \u00e0 16.1.6 ant\u00e9rieures \u00e0 17.1.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Advanced WAF/ASM versions 21.0.x ant\u00e9rieures \u00e0 21.0.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM versions 17.5.0 \u00e0 17.5.1 ant\u00e9rieures \u00e0 17.5.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "NGINX Plus versions R32 ant\u00e9rieures \u00e0 R32 P6",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "F5 WAF for NGINX versions 5.9.0 \u00e0 5.12.1",
      "product": {
        "name": "NGINX",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-41227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41227"
    },
    {
      "name": "CVE-2026-39458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39458"
    },
    {
      "name": "CVE-2026-42781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42781"
    },
    {
      "name": "CVE-2026-42780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42780"
    },
    {
      "name": "CVE-2026-40701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40701"
    },
    {
      "name": "CVE-2026-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42920"
    },
    {
      "name": "CVE-2026-42409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42409"
    },
    {
      "name": "CVE-2026-42946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42946"
    },
    {
      "name": "CVE-2026-42937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42937"
    },
    {
      "name": "CVE-2026-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42919"
    },
    {
      "name": "CVE-2026-42934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42934"
    },
    {
      "name": "CVE-2026-42406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42406"
    },
    {
      "name": "CVE-2026-40435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40435"
    },
    {
      "name": "CVE-2026-34176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34176"
    },
    {
      "name": "CVE-2026-40629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40629"
    },
    {
      "name": "CVE-2026-32673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32673"
    },
    {
      "name": "CVE-2026-41953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41953"
    },
    {
      "name": "CVE-2026-40061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40061"
    },
    {
      "name": "CVE-2026-42924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42924"
    },
    {
      "name": "CVE-2026-41225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41225"
    },
    {
      "name": "CVE-2026-35062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-35062"
    },
    {
      "name": "CVE-2026-40423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40423"
    },
    {
      "name": "CVE-2026-34019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34019"
    },
    {
      "name": "CVE-2026-42926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42926"
    },
    {
      "name": "CVE-2026-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20916"
    },
    {
      "name": "CVE-2026-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41957"
    },
    {
      "name": "CVE-2026-39455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39455"
    },
    {
      "name": "CVE-2026-40618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40618"
    },
    {
      "name": "CVE-2026-40631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40631"
    },
    {
      "name": "CVE-2026-32643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32643"
    },
    {
      "name": "CVE-2026-41217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41217"
    },
    {
      "name": "CVE-2026-40698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40698"
    },
    {
      "name": "CVE-2026-39459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39459"
    },
    {
      "name": "CVE-2026-40703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40703"
    },
    {
      "name": "CVE-2026-28758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28758"
    },
    {
      "name": "CVE-2026-41954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41954"
    },
    {
      "name": "CVE-2026-40699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40699"
    },
    {
      "name": "CVE-2026-40462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40462"
    },
    {
      "name": "CVE-2026-41219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41219"
    },
    {
      "name": "CVE-2026-24464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24464"
    },
    {
      "name": "CVE-2026-40067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40067"
    },
    {
      "name": "CVE-2026-42063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42063"
    },
    {
      "name": "CVE-2026-42408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42408"
    },
    {
      "name": "CVE-2026-40060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40060"
    },
    {
      "name": "CVE-2026-42945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42945"
    },
    {
      "name": "CVE-2026-41956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41956"
    },
    {
      "name": "CVE-2026-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41218"
    },
    {
      "name": "CVE-2026-41959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41959"
    },
    {
      "name": "CVE-2026-42930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42930"
    },
    {
      "name": "CVE-2026-40460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40460"
    },
    {
      "name": "CVE-2026-42058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42058"
    }
  ],
  "initial_release_date": "2026-05-15T00:00:00",
  "last_revision_date": "2026-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0591",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits F5. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": "2026-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K000160932",
      "url": "https://my.f5.com/manage/s/article/K000160932"
    }
  ]
}

GHSA-6VMC-2WH4-77QP

Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30

Details

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity ?

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-42934"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-13T16:16:49Z",
    "severity": "MODERATE"
  },
  "details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-6vmc-2wh4-77qp",
  "modified": "2026-05-13T18:30:56Z",
  "published": "2026-05-13T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42934"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000161028"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2026-42934

Vulnerability from fkie_nvd - Published: 2026-05-13 16:16 - Updated: 2026-05-13 16:27

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Summary

References

	URL	Tags
	f5sirt@f5.com	https://my.f5.com/manage/s/article/K000161028

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    }
  ],
  "id": "CVE-2026-42934",
  "lastModified": "2026-05-13T16:27:11.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "f5sirt@f5.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-13T16:16:49.910",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "url": "https://my.f5.com/manage/s/article/K000161028"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Primary"
    }
  ]
}

MSRC_CVE-2026-42934

Vulnerability from csaf_microsoft - Published: 2026-05-02 00:00 - Updated: 2026-05-16 01:04

Summary

NGINX ngx_http_charset_module vulnerability

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-42934

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	None Available

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-42934 NGINX ngx_http_charset_module vulnerability - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42934.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "NGINX ngx_http_charset_module vulnerability",
    "tracking": {
      "current_release_date": "2026-05-16T01:04:55.000Z",
      "generator": {
        "date": "2026-05-16T07:10:14.971Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-42934",
      "initial_release_date": "2026-05-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-16T01:04:55.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 nginx 0:1.28.3-1.azl3",
                "product": {
                  "name": "azl3 nginx 0:1.28.3-1.azl3",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "nginx"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nginx 0:1.28.3-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-42934",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "general",
          "text": "f5",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-42934 NGINX ngx_http_charset_module vulnerability - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-42934.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-05-16T01:04:55.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "17084-1"
          ]
        }
      ],
      "title": "NGINX ngx_http_charset_module vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-42934 (GCVE-0-2026-42934)

bit-nginx-2026-42934

Vulnerability from bitnami_vulndb

CERTFR-2026-AVI-0591

Solutions

GHSA-6VMC-2WH4-77QP

FKIE_CVE-2026-42934

MSRC_CVE-2026-42934

Tags

Sightings

Nomenclature