FKIE_CVE-2026-42055

Vulnerability from fkie_nvd - Published: 2026-06-17 15:16 - Updated: 2026-07-15 02:21
Summary
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_proxy_v2_module",
            "ngx_http_grpc_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.31.2",
              "status": "affected",
              "version": "1.13.10",
              "versionType": "custom"
            },
            {
              "lessThan": "1.30.3",
              "status": "affected",
              "version": "1.30.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_proxy_v2_module",
            "ngx_http_grpc_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "37.0.2.1",
              "status": "affected",
              "version": "37.0",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P6",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "f5sirt@f5.com"
    },
    {
      "affectedData": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.26.3-6.el10_2.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx:1.24",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020260707171317.489197e6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:1.20.1-28.el9_8.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx:1.24",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9080020260707164406.9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx:1.26",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9080020260707110000.9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "nginx-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.30.3-2.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "odf4/ocs-client-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "odf4/odf-multicluster-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4",
          "vendor": "Red Hat"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:dos:4.9.0:*:*:*:*:nginx:*:*",
              "matchCriteriaId": "DACAC9CB-16D3-4F55-A466-70035779B387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9DC498-9755-4CFA-9EA5-0009A3EE791F",
              "versionEndIncluding": "4.7.0",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70F49F1-8FD2-45E8-8681-27745BDB35B7",
              "versionEndIncluding": "4.16.0",
              "versionStartIncluding": "4.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0C5470-172B-4C82-AD8E-0FA0F19F3D15",
              "versionEndIncluding": "5.8.0",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B7F1FD-0C49-460F-9CB8-23DA730EC4BE",
              "versionEndIncluding": "1.6.2",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8495C4C7-3BFA-49CD-B527-7E1EE9827634",
              "versionEndExcluding": "2.6.4",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D5B143-4C1E-4626-8B49-3EA7160E9256",
              "versionEndIncluding": "3.7.2",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "965E7D6E-288B-438E-A2A8-A25802E34933",
              "versionEndExcluding": "5.5.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "896F495E-50C2-4A10-8FE8-F4D0AD52F6FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACDA17B-D0AB-46C1-9D58-21DF6ED5479E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCFCE3FC-61E0-4749-8F09-EEB4B09B1218",
              "versionEndIncluding": "2.22.0",
              "versionStartIncluding": "2.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C7658CE-370C-4210-8C25-FC2BC48EF785",
              "versionEndExcluding": "1.30.3",
              "versionStartIncluding": "1.30.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_open_source:1.31.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D313995D-43EA-48D8-ABDE-D08D0995509A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9460A8-35D0-45BD-A94F-F4833F6914AB",
              "versionEndIncluding": "37.0.1",
              "versionStartIncluding": "37.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AAFDD5-EACA-4A96-83D8-4A5A745981C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
              "matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4EBEC829-7EED-487E-974D-BBA704DFBF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D0648596-D1F5-4A7A-B7F8-104E3AF26317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
              "matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*",
              "matchCriteriaId": "9D5BB4C0-B862-4CDD-AA54-1BC1BDF27005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r31:p2:*:*:*:*:*:*",
              "matchCriteriaId": "6F5A3A1A-04B0-4365-A84D-7B29F7EF1D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r31:p3:*:*:*:*:*:*",
              "matchCriteriaId": "71E1C590-CFCE-4CC8-9A42-3C085D39B3B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
              "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
              "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*",
              "matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*",
              "matchCriteriaId": "86B53968-1CCA-4CF3-8454-BB92EF64D10E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*",
              "matchCriteriaId": "514B0A2A-E2FD-4DB7-B5B8-5C59F1D60AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*",
              "matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*",
              "matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*",
              "matchCriteriaId": "6A25B9CF-02C0-42DE-9C70-F2AD3ACE3CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*",
              "matchCriteriaId": "25292797-19EC-446B-BB26-FAC7A280F61D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*",
              "matchCriteriaId": "A977BF9F-D165-4B93-B4D2-A177883A5E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*",
              "matchCriteriaId": "5D5FFD66-35C3-41AD-BD77-510E34A3AC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4958360C-7993-4C82-8685-202D4940CE01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*",
              "matchCriteriaId": "E7E5F940-048A-446F-9A1E-074612CEA1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*",
              "matchCriteriaId": "862EA47E-8D57-434E-9C8F-238325FB85B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:p3:*:*:*:*:*:*",
              "matchCriteriaId": "7B52C01B-F719-4C72-BB83-7B70EC4BC029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:p4:*:*:*:*:*:*",
              "matchCriteriaId": "9F2211E4-93B9-4F1F-BA32-F5C34B879688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r36:p5:*:*:*:*:*:*",
              "matchCriteriaId": "284E9DB5-02EB-40E9-9DF3-E8F8144775ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*",
              "matchCriteriaId": "03FC0AE0-1D26-4002-92DD-1895A38F6382",
              "versionEndIncluding": "5.13.1",
              "versionStartIncluding": "5.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:waf:4.8.1:*:*:*:*:nginx:*:*",
              "matchCriteriaId": "EDC7D419-A6CD-4490-A456-459BDC9BF658",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module\u00a0and ngx_http_grpc_module\u00a0modules. This vulnerability exists when the proxy_http_version to 2\u00a0or grpc_pass\u00a0directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers\u00a0directive is set to off, and the large_client_header_buffers\u00a0directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    }
  ],
  "id": "CVE-2026-42055",
  "lastModified": "2026-07-15T02:21:24.690",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.2,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-42055",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-17T00:00:00+00:00",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-17T15:16:50.353",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000161584"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2026:27197"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:36331"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:36364"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:36618"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:36639"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:38847"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2026-42055"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489866"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42055.json"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-131"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "type": "Secondary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…