{"vulnerability": "cve-2026-4205", "sightings": [{"uuid": "f902d17b-f37e-40d2-a61d-af8fa7b4ecff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42051", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlfhvbtop72h", "content": "CVE-2026-42051 - Kirby: System API endpoint leaks license data and installed version to authenticated users\nCVE ID : CVE-2026-42051\n \n Published : May 9, 2026, 3:37 a.m. | 48\u00a0minutes ago\n \n Description : Kirby is an open-source content management system. Prior to versions 4.9....", "creation_timestamp": "2026-05-09T05:05:32.932624Z"}, {"uuid": "9c68fd9f-c00c-4ad1-8f9d-7db01810d455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moiunvadrb24", "content": "CVE-2026-42055 - NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability\nCVE ID : CVE-2026-42055\n \n Published : June 17, 2026, 2:04 p.m. | 3\u00a0hours, 4\u00a0minutes ago\n \n Description : NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_modul...", "creation_timestamp": "2026-06-17T17:47:37.540286Z"}, {"uuid": "a3ef0514-a716-4979-9aca-39bb7879e85a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1927", "content": "", "creation_timestamp": "2026-06-17T21:00:00.000000Z"}, {"uuid": "f1de6755-e0af-41d3-9ab9-67bfc0ddef16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1929", "content": "", "creation_timestamp": "2026-06-17T21:00:00.000000Z"}, {"uuid": "10c8116c-3f4f-479b-af90-fb5072861255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mokvn4bbjd2j", "content": "\ud83d\udd17 CVE : CVE-2026-42055, CVE-2026-42530, CVE-2026-48142", "creation_timestamp": "2026-06-18T13:10:33.175843Z"}, {"uuid": "3b0e5434-ac6d-4f2b-995e-558744c22aa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3moln6ygxmd2v", "content": "\ud83d\udea8 HIGH: CVE-2026-42055\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the HTTP/2 module. A remote unauthenticated attacker can send a specially crafted HTTP/2 request that causes a heap buffer overflow in the NGINX worker process. This may allow remote code execution. Exploitat", "creation_timestamp": "2026-06-18T20:12:00.319706Z"}, {"uuid": "bafb4518-ef03-4612-8030-89c6edb56b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3molqwn4o5k62", "content": "F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution TheHackerNews F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-06-18T21:18:58.455597Z"}, {"uuid": "4cca1073-b6a8-42fd-a52d-106a110227eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3molsfz3p3b2n", "content": "F5 patched two critical NGINX Open Source flaws, CVE-2026-42530 and CVE-2026-42055, that could enable remote code execution in certain configs. Mitigations include disabling HTTP/3 or adjusting headers. #NGINX #F5 #CVE202642530", "creation_timestamp": "2026-06-18T21:45:26.120014Z"}, {"uuid": "70aef19b-0cfe-463d-8ba0-557d7820fa80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/dju.eurosky.social/post/3molyw2ol3c2h", "content": "plusieurs CVE dans nginx\n\nCVE-2026-42530\nCVE-2026-42055\nCVE-2026-48142\n\nthehackernews.com/2026/06/f5-p...", "creation_timestamp": "2026-06-18T23:41:47.806117Z"}, {"uuid": "45138370-dab5-47ec-bb7f-3a60687612d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/thecybersecguru.com/post/3mompp6rrhu2b", "content": "Two 9.2s in stock NGINX: inside the HTTP/3 QPACK use-after-free and the gRPC heap overflow F5 just\u00a0patched\n\nF5 patched two critical NGINX flaws (CVSS 9.2): a QPACK use-after-free in HTTP/3 and a gRPC heap overflow. Full\u2026\n\nhttps://thecybersecguru.com/news/nginx-cve-2026-42530-cve-2026-42055-rce/", "creation_timestamp": "2026-06-19T06:29:31.995649Z"}, {"uuid": "eea2c778-08e9-4d9e-9266-3f99a3d90886", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42055", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3momr3spaum2v", "content": "\ud83d\udcf0 Picu Kerusakan Memori, F5 Rilis Patch Darurat Tutup Celah Kritis RCE pada NGINX\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/06/19/f5-rilis-patch-darurat-celah-kritis-nginx/\n\n#aslr #bufferOverflow #cve-2026-42055 #cve-2026-42530 #dos #f5 #http3 #nginx #outOfBand #patchDarurat ", "creation_timestamp": "2026-06-19T06:54:28.499995Z"}, {"uuid": "28d9557d-8c87-465c-8434-a529b7ebf6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://infosec.exchange/users/beyondmachines1/statuses/116775720185561378", "content": "F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus\nF5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.\n**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing \"quic\" from all listen directives, and remove the \"ignore_invalid_headers off\" directive or shrink \"large_client_header_buffers\" to block these attacks until you update.**#cybersecurity #infosec #advisory #vulnerabilityhttps://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L", "creation_timestamp": "2026-06-19T13:20:06.012658Z"}, {"uuid": "75b96418-1e26-4553-832d-85f6ddd20b1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3monjucmz5s2h", "content": "F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution\n\nF5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnera\u2026\n#hackernews #news", "creation_timestamp": "2026-06-19T14:17:41.146746Z"}, {"uuid": "fd6e90a2-0252-4d3a-9762-a7a3c4a379cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7o7bs2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:53.287974Z"}, {"uuid": "e9567ef2-bbc9-40bd-9480-e291a8fd8908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oj2c2s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:55.143782Z"}, {"uuid": "a76787a2-f0ce-4eac-aaa6-4a1b1633a25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/toxy4ny.bsky.social/post/3moory7oly22s", "content": "Friday fuck-up) this time F5-Nginx - The vulnerabilities have been assigned the identifiers CVE-2026-42530 and CVE-2026-42055 and received a CVSS score of 9.2. They allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition or achieve arbitrary code execution.", "creation_timestamp": "2026-06-19T16:15:57.061829Z"}, {"uuid": "6c0bd62e-c94e-4fb4-898f-5d33c3493222", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motml63t7d2v", "content": "\ud83d\udea8  ALERT: CVE-2026-42055\n\nCVSS 8.1/10\n\n\ud83d\udccb WHAT IT IS:\nNGINX Open Source has a vulnerability in the HTTP/2 module. A remote unauthenticated attacker can send a specially crafted HTTP/2 request that causes a heap buffer overflow in the NGINX worker process. This may allow remote code execution. Exploit", "creation_timestamp": "2026-06-22T00:22:13.030462Z"}, {"uuid": "057ec4f4-06f0-4514-a983-e11d21f0c081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/a3449070789a6a2c13d4d4e844af803b", "content": "# \u26a0\ufe0f SECURITY ALERT: Multiple CVEs Affecting Popular Packages (June 2026)\n\n## CVE-2026-48931 \u2014 Node.js 24.17 / node-fetch Premature Close\n- **Impact:** Affects Node.js 24.17 and any app using node-fetch\n- **Severity:** High\n- **Affected:** Backstage (20\ud83d\udc4d issue), any Node.js app on 24.17\n- **Fix:** Update Node.js or apply backport\n- **Issue:** https://github.com/backstage/backstage/issues/34651\n\n## CVE-2026-54297 \u2014 Faraday Dependency Vulnerability\n- **Impact:** Affects Fastlane and apps using Faraday\n- **Severity:** High\n- **Affected:** Fastlane (9\ud83d\udc4d issue), any Ruby app using Faraday\n- **Fix:** Update Faraday dependency\n- **Issue:** https://github.com/fastlane/fastlane/issues/30086\n\n## CVE-2026-42530 & CVE-2026-42055 \u2014 nginx Vulnerabilities\n- **Impact:** Affects nginx and mailcow-dockerized\n- **Severity:** High\n- **Affected:** mailcow-dockerized (7\ud83d\udc4d issue), any nginx deployment\n- **Fix:** Update nginx to patched version\n- **Issue:** https://github.com/mailcow/mailcow-dockerized/issues/7299\n\n## js-yaml Quadratic DoS (v3.x)\n- **Impact:** Affects any app using js-yaml v3.x for YAML parsing\n- **Severity:** Medium-High\n- **Affected:** 15\ud83d\udc4d issue requesting backport from v4.2.0 to v3\n- **Fix:** Update to js-yaml v4.2.0+ or apply backport\n- **Issue:** https://github.com/nodeca/js-yaml/issues/762\n\n## How to Check If You're Affected\n1. Check your Node.js version: `node --version`\n2. Check your Ruby/Bundler dependencies: `bundle list | grep faraday`\n3. Check your nginx version: `nginx -v`\n4. Check your js-yaml version: `npm ls js-yaml`\n\n## What to Do\n1. Update affected dependencies immediately\n2. Review logs for suspicious activity\n3. Rotate credentials if exposure is suspected\n\n---\n*If this alert helped you: https://buymeacoffee.com/muhamedfazalps*\n", "creation_timestamp": "2026-06-23T13:41:44.000000Z"}, {"uuid": "a4cd1633-da38-466f-8a50-ce191b98782a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://bsky.app/profile/insomnisec.bsky.social/post/3mp2q6blryx2v", "content": "\ud83d\udce1 Two More Critical NGINX Vulnerabilities: CVE-2026-42530 and CVE-2026-42055", "creation_timestamp": "2026-06-24T20:15:13.948593Z"}, {"uuid": "7996d7bb-891a-4645-8a7f-adca7a5c8498", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42055", "type": "seen", "source": "https://www.acn.gov.it/portale/w/risolte-vulnerabilita-nei-prodotti-nginix", "content": "", "creation_timestamp": "2026-06-25T16:45:41.757988Z"}]}