Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)

critical Nessus Plugin ID 316933

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1714 advisory.

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note:
Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-40460)

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to on or optional, and the ssl_ocsp directive is set to on or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
(CVE-2026-40701)

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
(CVE-2026-42926)

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering (off) directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
(CVE-2026-42934)

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-42945)

A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-42946)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nginx --releasever 2023.11.20260526' or or 'dnf update --advisory ALAS2023-2026-1714 --releasever 2023.11.20260526' to update your system.

Plugin Details

Severity: Critical

ID: 316933

File Name: al2023_ALAS2023-2026-1714.nasl

Version: 1.1

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/27/2026

Updated: 5/27/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS Score Source: CVE-2026-40460

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-42945

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 8.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-42945

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:nginx, p-cpe:/a:amazon:linux:nginx-debuginfo, p-cpe:/a:amazon:linux:nginx-all-modules, p-cpe:/a:amazon:linux:nginx-mod-http-image-filter, p-cpe:/a:amazon:linux:nginx-mod-http-perl, p-cpe:/a:amazon:linux:nginx-mod-http-xslt-filter, p-cpe:/a:amazon:linux:nginx-mod-mail, p-cpe:/a:amazon:linux:nginx-mod-stream, p-cpe:/a:amazon:linux:nginx-core, p-cpe:/a:amazon:linux:nginx-core-debuginfo, p-cpe:/a:amazon:linux:nginx-debugsource, p-cpe:/a:amazon:linux:nginx-filesystem, p-cpe:/a:amazon:linux:nginx-mod-devel, p-cpe:/a:amazon:linux:nginx-mod-http-image-filter-debuginfo, p-cpe:/a:amazon:linux:nginx-mod-http-perl-debuginfo, p-cpe:/a:amazon:linux:nginx-mod-http-xslt-filter-debuginfo, p-cpe:/a:amazon:linux:nginx-mod-mail-debuginfo, p-cpe:/a:amazon:linux:nginx-mod-stream-debuginfo, cpe:/o:amazon:linux:2023

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 5/13/2026

Reference Information

CVE: CVE-2026-40460, CVE-2026-40701, CVE-2026-42926, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946

Detections

Analytics