FKIE_CVE-2026-42055
Vulnerability from fkie_nvd - Published: 2026-06-17 15:16 - Updated: 2026-07-15 02:21
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | dos | 4.9.0 | |
| f5 | nginx_app_protect_dos | * | |
| f5 | nginx_app_protect_waf | * | |
| f5 | nginx_app_protect_waf | * | |
| f5 | nginx_gateway_fabric | * | |
| f5 | nginx_gateway_fabric | * | |
| f5 | nginx_ingress_controller | * | |
| f5 | nginx_ingress_controller | * | |
| f5 | nginx_ingress_controller | 4.0.0 | |
| f5 | nginx_ingress_controller | 4.0.1 | |
| f5 | nginx_instance_manager | * | |
| f5 | nginx_open_source | * | |
| f5 | nginx_open_source | 1.31.1 | |
| f5 | nginx_plus | * | |
| f5 | nginx_plus | r3 | |
| f5 | nginx_plus | r30 | |
| f5 | nginx_plus | r30 | |
| f5 | nginx_plus | r30 | |
| f5 | nginx_plus | r31 | |
| f5 | nginx_plus | r31 | |
| f5 | nginx_plus | r31 | |
| f5 | nginx_plus | r31 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r34 | |
| f5 | nginx_plus | r34 | |
| f5 | nginx_plus | r34 | |
| f5 | nginx_plus | r35 | |
| f5 | nginx_plus | r35 | |
| f5 | nginx_plus | r36 | |
| f5 | nginx_plus | r36 | |
| f5 | nginx_plus | r36 | |
| f5 | nginx_plus | r36 | |
| f5 | nginx_plus | r36 | |
| f5 | nginx_plus | r36 | |
| f5 | waf | * | |
| f5 | waf | 4.8.1 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"modules": [
"ngx_http_proxy_v2_module",
"ngx_http_grpc_module"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.31.2",
"status": "affected",
"version": "1.13.10",
"versionType": "custom"
},
{
"lessThan": "1.30.3",
"status": "affected",
"version": "1.30.2",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"ngx_http_proxy_v2_module",
"ngx_http_grpc_module"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "37.0.2.1",
"status": "affected",
"version": "37.0",
"versionType": "custom"
},
{
"lessThan": "R36 P6",
"status": "affected",
"version": "R36",
"versionType": "custom"
}
]
}
],
"source": "f5sirt@f5.com"
},
{
"affectedData": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.26.3-6.el10_2.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020260707171317.489197e6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.20.1-28.el9_8.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9080020260707164406.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx:1.26",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9080020260707110000.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "nginx-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.3-2.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "odf4/ocs-client-console-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "odf4/odf-console-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "odf4/odf-multicluster-console-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:dos:4.9.0:*:*:*:*:nginx:*:*",
"matchCriteriaId": "DACAC9CB-16D3-4F55-A466-70035779B387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9DC498-9755-4CFA-9EA5-0009A3EE791F",
"versionEndIncluding": "4.7.0",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70F49F1-8FD2-45E8-8681-27745BDB35B7",
"versionEndIncluding": "4.16.0",
"versionStartIncluding": "4.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0C5470-172B-4C82-AD8E-0FA0F19F3D15",
"versionEndIncluding": "5.8.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15B7F1FD-0C49-460F-9CB8-23DA730EC4BE",
"versionEndIncluding": "1.6.2",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8495C4C7-3BFA-49CD-B527-7E1EE9827634",
"versionEndExcluding": "2.6.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10D5B143-4C1E-4626-8B49-3EA7160E9256",
"versionEndIncluding": "3.7.2",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "965E7D6E-288B-438E-A2A8-A25802E34933",
"versionEndExcluding": "5.5.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "896F495E-50C2-4A10-8FE8-F4D0AD52F6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACDA17B-D0AB-46C1-9D58-21DF6ED5479E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCFCE3FC-61E0-4749-8F09-EEB4B09B1218",
"versionEndIncluding": "2.22.0",
"versionStartIncluding": "2.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7658CE-370C-4210-8C25-FC2BC48EF785",
"versionEndExcluding": "1.30.3",
"versionStartIncluding": "1.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_open_source:1.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D313995D-43EA-48D8-ABDE-D08D0995509A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9460A8-35D0-45BD-A94F-F4833F6914AB",
"versionEndIncluding": "37.0.1",
"versionStartIncluding": "37.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AAFDD5-EACA-4A96-83D8-4A5A745981C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*",
"matchCriteriaId": "4EBEC829-7EED-487E-974D-BBA704DFBF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*",
"matchCriteriaId": "D0648596-D1F5-4A7A-B7F8-104E3AF26317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
"matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*",
"matchCriteriaId": "9D5BB4C0-B862-4CDD-AA54-1BC1BDF27005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p2:*:*:*:*:*:*",
"matchCriteriaId": "6F5A3A1A-04B0-4365-A84D-7B29F7EF1D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p3:*:*:*:*:*:*",
"matchCriteriaId": "71E1C590-CFCE-4CC8-9A42-3C085D39B3B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
"matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
"matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*",
"matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*",
"matchCriteriaId": "86B53968-1CCA-4CF3-8454-BB92EF64D10E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*",
"matchCriteriaId": "514B0A2A-E2FD-4DB7-B5B8-5C59F1D60AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*",
"matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*",
"matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*",
"matchCriteriaId": "6A25B9CF-02C0-42DE-9C70-F2AD3ACE3CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*",
"matchCriteriaId": "25292797-19EC-446B-BB26-FAC7A280F61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*",
"matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*",
"matchCriteriaId": "A977BF9F-D165-4B93-B4D2-A177883A5E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*",
"matchCriteriaId": "5D5FFD66-35C3-41AD-BD77-510E34A3AC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*",
"matchCriteriaId": "4958360C-7993-4C82-8685-202D4940CE01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*",
"matchCriteriaId": "E7E5F940-048A-446F-9A1E-074612CEA1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*",
"matchCriteriaId": "7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*",
"matchCriteriaId": "862EA47E-8D57-434E-9C8F-238325FB85B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p3:*:*:*:*:*:*",
"matchCriteriaId": "7B52C01B-F719-4C72-BB83-7B70EC4BC029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p4:*:*:*:*:*:*",
"matchCriteriaId": "9F2211E4-93B9-4F1F-BA32-F5C34B879688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p5:*:*:*:*:*:*",
"matchCriteriaId": "284E9DB5-02EB-40E9-9DF3-E8F8144775ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*",
"matchCriteriaId": "03FC0AE0-1D26-4002-92DD-1895A38F6382",
"versionEndIncluding": "5.13.1",
"versionStartIncluding": "5.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:waf:4.8.1:*:*:*:*:nginx:*:*",
"matchCriteriaId": "EDC7D419-A6CD-4490-A456-459BDC9BF658",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module\u00a0and ngx_http_grpc_module\u00a0modules. This vulnerability exists when the proxy_http_version to 2\u00a0or grpc_pass\u00a0directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers\u00a0directive is set to off, and the large_client_header_buffers\u00a0directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"id": "CVE-2026-42055",
"lastModified": "2026-07-15T02:21:24.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-42055",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T15:16:50.353",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000161584"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27197"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36331"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36364"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36618"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:36639"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:38847"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42055"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"tags": [
"Third Party Advisory"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42055.json"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-131"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…