Nginx Multiple Vulnerabilities

Last Update Date: 18 May 2026 Release Date: 15 May 2026

RISK: High Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Nginx. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, a denial of service condition, remote code execution, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system.

 

Note: 

CVE-2026-42945 is being exploited in the wild. An unauthenticated remote attacker could exploit this vulnerability by sending crafted HTTP requests to trigger a denial of service condition and remote code execution on the targeted system. However, exploitation requires special conditions beyond the attacker’s control and depends on a specific vulnerable configuration in the ngx_http_rewrite_module. Hence, the risk level is rated as High Risk.

 

[Updated on 2026-05-18]

Updated Description, Source and Related Links.


Impact

  • Denial of Service
  • Information Disclosure
  • Remote Code Execution
  • Data Manipulation
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Nginx versions prior to nginx-1.30.1 stable
  • Nginx versions prior to nginx-1.31.0 mainline
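
An added example, not part of the advisory or of nginx: a triage helper that compares an `nginx -v` banner with the fixed versions listed above and lists the ngx_http_rewrite_module directives present in a configuration. The function names, priority labels and sample configuration are assumptions made for illustration; the advisory does not say which rewrite configuration is vulnerable, so directive presence is only a prioritisation signal.

```python
import re

# Fixed releases named in the advisory, keyed by nginx branch.
FIXED = {"stable": (1, 30, 1), "mainline": (1, 31, 0)}
# Directives documented for ngx_http_rewrite_module.
REWRITE_DIRECTIVES = ("break", "if", "return", "rewrite", "rewrite_log",
                      "set", "uninitialized_variable_warn")

def parse_banner(banner):
    """Extract (major, minor, patch) from `nginx -v` output or a Server header."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(banner):
    """True/False against the advisory's fixed versions; None if unparseable."""
    v = parse_banner(banner)
    if v is None:
        return None
    branch = "stable" if v[1] % 2 == 0 else "mainline"  # even minor = stable
    return v < FIXED[branch]

def rewrite_directives(conf):
    """List rewrite-module directives in use (naive: drops '#' to end of line)."""
    text = re.sub(r"#[^\n]*", "", conf)
    pat = r"(?:^|[;{}])\s*(" + "|".join(REWRITE_DIRECTIVES) + r")\b"
    return sorted(set(re.findall(pat, text, flags=re.M)))

def triage(banner, conf):
    """Assumed priority labels: rewrite-module use raises urgency only."""
    affected = is_affected(banner)
    if not affected:
        return "unknown-version" if affected is None else "patched"
    return "upgrade-first" if rewrite_directives(conf) else "upgrade"

# Constructed sample input, not taken from any real host.
SAMPLE_CONF = """
server {
    set_real_ip_from 10.0.0.0/8;   # realip module, must not match "set"
    # rewrite ^/old /new;          commented out, must not match
    location / {
        if ($request_method = POST) { return 405; }
        rewrite ^/a/(.*)$ /b/$1 last;
    }
}
"""

if __name__ == "__main__":
    for b in ("nginx/1.30.0", "nginx/1.29.4", "nginx/1.30.1", "Server: nginx"):
        print(b, "->", triage(b, SAMPLE_CONF))
```

Distribution packages may backport fixes without changing the upstream version number, so confirm a flagged version against the package changelog before acting on it.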

Solutions

Before installing the software, please visit the vendor website for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link