Vulnerability-Lookup

SUSE-SU-2026:2050-1

Vulnerability from csaf_suse - Published: 2026-05-25 13:58 - Updated: 2026-05-25 13:58

Summary

Security update for nginx

Severity

Important

Notes

Title of the patch: Security update for nginx

Description of the patch: This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the `ngx_mail_auth_http_module` is enabled (bsc#1260415). - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260420). - CVE-2026-40701: heap use-after-free in the worker process when the `ssl_verify_client` and the `ssl_ocsp` directives are set due to issue in the `ngx_http_ssl_module` module (bsc#1265229). - CVE-2026-42934: heap buffer overread in the worker process due to issue in the `ngx_http_charset_module` module (bsc#1265231). - CVE-2026-42945: heap buffer overflow via crafted HTTP requests due to issue in `ngx_http_rewrite_module` (bsc#1265232). - CVE-2026-42946: excessive memory allocation and data overread due to issue in the `ngx_http_scgi_module` and `ngx_http_uwsgi_module` modules (bsc#1265233).

Patchnames: SUSE-2026-2050,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2050,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2050,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2050

CVE-2026-27651

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32647

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-40701

5.6 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-42934

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-42945

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-42946

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected products

Recommended 13 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

29 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1260415	self
https://bugzilla.suse.com/1260420	self
https://bugzilla.suse.com/1265229	self
https://bugzilla.suse.com/1265231	self
https://bugzilla.suse.com/1265232	self
https://bugzilla.suse.com/1265233	self
https://www.suse.com/security/cve/CVE-2026-27651/	self
https://www.suse.com/security/cve/CVE-2026-32647/	self
https://www.suse.com/security/cve/CVE-2026-40701/	self
https://www.suse.com/security/cve/CVE-2026-42934/	self
https://www.suse.com/security/cve/CVE-2026-42945/	self
https://www.suse.com/security/cve/CVE-2026-42946/	self
https://www.suse.com/security/cve/CVE-2026-27651	external
https://bugzilla.suse.com/1260415	external
https://www.suse.com/security/cve/CVE-2026-32647	external
https://bugzilla.suse.com/1260420	external
https://www.suse.com/security/cve/CVE-2026-40701	external
https://bugzilla.suse.com/1265229	external
https://www.suse.com/security/cve/CVE-2026-42934	external
https://bugzilla.suse.com/1265231	external
https://www.suse.com/security/cve/CVE-2026-42945	external
https://bugzilla.suse.com/1265232	external
https://bugzilla.suse.com/1265566	external
https://www.suse.com/security/cve/CVE-2026-42946	external
https://bugzilla.suse.com/1265233	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for nginx",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for nginx fixes the following issues\n\n- CVE-2026-27651: denial of service via undisclosed requests when the `ngx_mail_auth_http_module` is enabled\n  (bsc#1260415).\n- CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260420).\n- CVE-2026-40701: heap use-after-free in the worker process when the `ssl_verify_client` and the `ssl_ocsp` directives\n  are set due to issue in the `ngx_http_ssl_module` module (bsc#1265229).\n- CVE-2026-42934: heap buffer overread in the worker process due to issue in the `ngx_http_charset_module` module\n  (bsc#1265231).\n- CVE-2026-42945: heap buffer overflow via crafted HTTP requests due to issue in `ngx_http_rewrite_module`\n  (bsc#1265232).\n- CVE-2026-42946: excessive memory allocation and data overread due to issue in the `ngx_http_scgi_module` and\n  `ngx_http_uwsgi_module` modules (bsc#1265233).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-2050,SUSE-SLE-Module-Server-Applications-15-SP7-2026-2050,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2050,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2050",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2050-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:2050-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262050-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:2050-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026275.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260415",
        "url": "https://bugzilla.suse.com/1260415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260420",
        "url": "https://bugzilla.suse.com/1260420"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265229",
        "url": "https://bugzilla.suse.com/1265229"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265231",
        "url": "https://bugzilla.suse.com/1265231"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265232",
        "url": "https://bugzilla.suse.com/1265232"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1265233",
        "url": "https://bugzilla.suse.com/1265233"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-27651 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-27651/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32647 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32647/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-40701 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-40701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-42934 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-42934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-42945 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-42945/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-42946 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-42946/"
      }
    ],
    "title": "Security update for nginx",
    "tracking": {
      "current_release_date": "2026-05-25T13:58:44Z",
      "generator": {
        "date": "2026-05-25T13:58:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:2050-1",
      "initial_release_date": "2026-05-25T13:58:44Z",
      "revision_history": [
        {
          "date": "2026-05-25T13:58:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.18.1.aarch64",
                "product": {
                  "name": "nginx-1.21.5-150600.10.18.1.aarch64",
                  "product_id": "nginx-1.21.5-150600.10.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.18.1.i586",
                "product": {
                  "name": "nginx-1.21.5-150600.10.18.1.i586",
                  "product_id": "nginx-1.21.5-150600.10.18.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-source-1.21.5-150600.10.18.1.noarch",
                "product": {
                  "name": "nginx-source-1.21.5-150600.10.18.1.noarch",
                  "product_id": "nginx-source-1.21.5-150600.10.18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.18.1.ppc64le",
                "product": {
                  "name": "nginx-1.21.5-150600.10.18.1.ppc64le",
                  "product_id": "nginx-1.21.5-150600.10.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.18.1.s390x",
                "product": {
                  "name": "nginx-1.21.5-150600.10.18.1.s390x",
                  "product_id": "nginx-1.21.5-150600.10.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nginx-1.21.5-150600.10.18.1.x86_64",
                "product": {
                  "name": "nginx-1.21.5-150600.10.18.1.x86_64",
                  "product_id": "nginx-1.21.5-150600.10.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.18.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-1.21.5-150600.10.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64"
        },
        "product_reference": "nginx-1.21.5-150600.10.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nginx-source-1.21.5-150600.10.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        },
        "product_reference": "nginx-source-1.21.5-150600.10.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27651",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-27651"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When the ngx_mail_auth_http_module  module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-27651",
          "url": "https://www.suse.com/security/cve/CVE-2026-27651"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260415 for CVE-2026-27651",
          "url": "https://bugzilla.suse.com/1260415"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-27651"
    },
    {
      "cve": "CVE-2026-32647",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32647"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32647",
          "url": "https://www.suse.com/security/cve/CVE-2026-32647"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260420 for CVE-2026-32647",
          "url": "https://bugzilla.suse.com/1260420"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32647"
    },
    {
      "cve": "CVE-2026-40701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-40701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module  module when the ssl_verify_client  directive is set to \"on\" or \"optional,\" and the ssl_ocsp  directive is set to \"on\" or the leaf  parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-40701",
          "url": "https://www.suse.com/security/cve/CVE-2026-40701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265229 for CVE-2026-40701",
          "url": "https://bugzilla.suse.com/1265229"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-40701"
    },
    {
      "cve": "CVE-2026-42934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-42934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map  and proxy_pass  with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-42934",
          "url": "https://www.suse.com/security/cve/CVE-2026-42934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265231 for CVE-2026-42934",
          "url": "https://bugzilla.suse.com/1265231"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-42934"
    },
    {
      "cve": "CVE-2026-42945",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-42945"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module  module. This vulnerability exists when the rewrite  directive is followed by a rewrite, if, or set  directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-42945",
          "url": "https://www.suse.com/security/cve/CVE-2026-42945"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265232 for CVE-2026-42945",
          "url": "https://bugzilla.suse.com/1265232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265566 for CVE-2026-42945",
          "url": "https://bugzilla.suse.com/1265566"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-42945"
    },
    {
      "cve": "CVE-2026-42946",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-42946"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability exists in the ngx_http_scgi_module  and ngx_http_uwsgi_module  modules that may result in excessive memory allocation or an over-read of data. When scgi_pass  or uwsgi_pass  is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-42946",
          "url": "https://www.suse.com/security/cve/CVE-2026-42946"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1265233 for CVE-2026-42946",
          "url": "https://bugzilla.suse.com/1265233"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.aarch64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.s390x",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:nginx-source-1.21.5-150600.10.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-1.21.5-150600.10.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:nginx-source-1.21.5-150600.10.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-25T13:58:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-42946"
    }
  ]
}

CVE-2026-27651 (GCVE-0-2026-27651)

Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-24 15:14

Title

NGINX ngx_mail_auth_http_module vulnerability

Summary

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-476 - NULL Pointer Dereference

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160383	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Open Source	Affected: 1.29.0 , < 1.29.7 (semver) Affected: 0.5.15 , < 1.28.3 (semver)
F5	NGINX Plus	Affected: R36 , < R36 P3 (custom) Affected: R35 , < R35 P2 (custom) Affected: R34 , < * (custom) Affected: R33 , < * (custom) Affected: R32 , < R32 P5 (custom)

Date Public

2026-03-24 14:00

Credits

F5 acknowledges Arkadi Vainbrand for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27651",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T15:02:03.137056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T15:14:13.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_mail_auth_http_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.29.7",
              "status": "affected",
              "version": "1.29.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.3",
              "status": "affected",
              "version": "0.5.15",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_mail_auth_http_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "R36 P3",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R35 P2",
              "status": "affected",
              "version": "R35",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R34",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R33",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P5",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Arkadi Vainbrand for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-03-24T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen the \u003c/span\u003e\u003cstrong\u003engx_mail_auth_http_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header.\u003c/span\u003e Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T14:22:35.756Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160383"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_mail_auth_http_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-27651",
    "datePublished": "2026-03-24T14:13:27.295Z",
    "dateReserved": "2026-03-18T16:06:38.454Z",
    "dateUpdated": "2026-03-24T15:14:13.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32647 (GCVE-0-2026-32647)

Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-03-25 03:55

Title

NGINX ngx_http_mp4_module vulnerability

Summary

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000160366	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Open Source	Affected: 1.29.0 , < 1.29.7 (semver) Affected: 1.1.19 , < 1.28.3 (semver)
F5	NGINX Plus	Affected: R36 , < R36 P3 (custom) Affected: R35 , < R35 P2 (custom) Affected: R34 , < * (custom) Affected: R33 , < * (custom) Affected: R32 , < R32 P5 (custom)

Date Public

2026-03-24 14:00

Credits

F5 acknowledges Xint Code and Pavel Kohout (Aisle Research) for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32647",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T03:55:49.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_mp4_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "1.29.7",
              "status": "affected",
              "version": "1.29.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.3",
              "status": "affected",
              "version": "1.1.19",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_mp4_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "R36 P3",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R35 P2",
              "status": "affected",
              "version": "R35",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R34",
              "versionType": "custom"
            },
            {
              "lessThan": "*",
              "status": "affected",
              "version": "R33",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P5",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "F5 acknowledges Xint Code and Pavel Kohout (Aisle Research) for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-03-24T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T14:40:08.455Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000160366"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_mp4_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-32647",
    "datePublished": "2026-03-24T14:13:25.724Z",
    "dateReserved": "2026-03-18T16:06:38.427Z",
    "dateUpdated": "2026-03-25T03:55:49.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40701 (GCVE-0-2026-40701)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:07

Title

NGINX ngx_http_ssl_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-416 - Use After Free

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161021	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Plus	Unaffected: R37 , < * (custom) Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom)
F5	NGINX Open Source	Unaffected: 1.31.0 , < * (semver) Affected: 1.19.0 , < 1.30.1 (semver)

Date Public

2026-05-13 14:00

Credits

F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:55:34.604451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:07:37.463Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_ssl_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "R37",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P4",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P6",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_ssl_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.31.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "1.19.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_ssl_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module when the \u003c/span\u003e\u003cstrong\u003essl_verify_client\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is set to \"on\" or \"optional,\" and the \u003c/span\u003e\u003cstrong\u003essl_ocsp\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is set to \"on\" or the \u003c/span\u003e\u003cstrong\u003eleaf\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module\u00a0module when the ssl_verify_client\u00a0directive is set to \"on\" or \"optional,\" and the ssl_ocsp\u00a0directive is set to \"on\" or the leaf\u00a0parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:43.588Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161021"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_ssl_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-40701",
    "datePublished": "2026-05-13T14:12:43.588Z",
    "dateReserved": "2026-04-30T23:04:27.950Z",
    "dateUpdated": "2026-05-13T16:07:37.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42934 (GCVE-0-2026-42934)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:07

Title

NGINX ngx_http_charset_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161028	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Plus	Unaffected: R37 , < * (custom) Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom)
F5	NGINX Open Source	Unaffected: 1.31.0 , < * (semver) Affected: 0.3.50 , < 1.30.1 (semver)

Date Public

2026-05-13 14:00

Credits

F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:55:18.483975Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:07:10.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "R37",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P4",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P6",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_charset_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.31.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "0.3.50",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges David Carlier and Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_charset_module \u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emodule. When \u003c/span\u003e\u003cstrong\u003echarset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003esource_charset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and \u003c/span\u003e\u003cstrong\u003echarset_map\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003eproxy_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u0026nbsp;Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map\u00a0and proxy_pass\u00a0with disabled buffering (\"off\") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers\u0027 control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\n\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:44.331Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161028"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_charset_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-42934",
    "datePublished": "2026-05-13T14:12:44.331Z",
    "dateReserved": "2026-04-30T23:04:27.960Z",
    "dateUpdated": "2026-05-13T16:07:10.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42945 (GCVE-0-2026-42945)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-21 18:28

Title

NGINX ngx_http_rewrite_module vulnerability

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-122 - Heap-based Buffer Overflow.

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161019	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Plus	Unaffected: R37 , < * (custom) Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom)
F5	NGINX Open Source	Unaffected: 1.31.0 , < * (semver) Affected: 0.6.27 , < 1.30.1 (semver)

Date Public

2026-05-13 14:00

Credits

F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:26.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-14T18:54:21.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://depthfirst.com/nginx-rift"
          },
          {
            "url": "https://github.com/DepthFirstDisclosures/Nginx-Rift"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_rewrite_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "R37",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P4",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P6",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_rewrite_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.31.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "0.6.27",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNGINX Plus and NGINX Open Source have a vulnerability in the \u003c/span\u003e\u003cstrong\u003engx_http_rewrite_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module. This vulnerability exists when the \u003c/span\u003e\u003cstrong\u003erewrite\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive is followed by a \u003c/span\u003e\u003cstrong\u003erewrite\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003eif\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, or \u003c/span\u003e\u003cstrong\u003eset\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module\u00a0module. This vulnerability exists when the rewrite\u00a0directive is followed by a rewrite, if, or set\u00a0directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-21T18:28:55.718Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161019"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_rewrite_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-42945",
    "datePublished": "2026-05-13T14:12:43.971Z",
    "dateReserved": "2026-04-30T23:04:27.955Z",
    "dateUpdated": "2026-05-21T18:28:55.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42946 (GCVE-0-2026-42946)

Vulnerability from cvelistv5 – Published: 2026-05-13 14:12 – Updated: 2026-05-13 16:06

Title

NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability

Summary

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

8.3 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-789 - Memory Allocation with Excessive Size Value
CWE-823 - Use of Out-of-range Pointer Offset

Assigner

References

1 reference

URL	Tags
https://my.f5.com/manage/s/article/K000161027	vendor-advisorypatch

Impacted products

2 products

Vendor	Product	Version
F5	NGINX Plus	Unaffected: R37 , < * (custom) Affected: R36 , < R36 P4 (custom) Affected: R32 , < R32 P6 (custom)
F5	NGINX Open Source	Unaffected: 1.31.0 , < * (semver) Affected: 0.8.42 , < 1.30.1 (semver)

Date Public

2026-05-13 14:00

Credits

F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:55:04.864917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T16:06:56.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ngx_http_scgi_module and ngx_http_uwsgi_module"
          ],
          "product": "NGINX Plus",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "R37",
              "versionType": "custom"
            },
            {
              "lessThan": "R36 P4",
              "status": "affected",
              "version": "R36",
              "versionType": "custom"
            },
            {
              "lessThan": "R32 P6",
              "status": "affected",
              "version": "R32",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "ngx_http_scgi_module and ngx_http_uwsgi_module"
          ],
          "product": "NGINX Open Source",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.31.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "0.8.42",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5 acknowledges Zhenpeng (Leo) Lin of depthfirst for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2026-05-13T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in the \u003c/span\u003e\u003cstrong\u003engx_http_scgi_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003engx_http_uwsgi_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;modules that may result in excessive memory allocation or an over-read of data. When \u003c/span\u003e\u003cstrong\u003escgi_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;or \u003c/span\u003e\u003cstrong\u003euwsgi_pass\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ],
          "value": "A vulnerability exists in the ngx_http_scgi_module\u00a0and ngx_http_uwsgi_module\u00a0modules that may result in excessive memory allocation or an over-read of data. When scgi_pass\u00a0or uwsgi_pass\u00a0is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-823",
              "description": "CWE-823: Use of Out-of-range Pointer Offset",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T14:12:44.697Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://my.f5.com/manage/s/article/K000161027"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2026-42946",
    "datePublished": "2026-05-13T14:12:44.697Z",
    "dateReserved": "2026-04-30T23:04:27.965Z",
    "dateUpdated": "2026-05-13T16:06:56.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:2050-1

CVE-2026-27651 (GCVE-0-2026-27651)

CVE-2026-32647 (GCVE-0-2026-32647)

CVE-2026-40701 (GCVE-0-2026-40701)

CVE-2026-42934 (GCVE-0-2026-42934)

CVE-2026-42945 (GCVE-0-2026-42945)

CVE-2026-42946 (GCVE-0-2026-42946)

Tags

Sightings

Nomenclature