The version of nginx installed on the remote host is prior to 1.30.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-012 advisory.

    When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able     to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting.  Note:
    Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-40460)

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the     ssl_verify_client directive is set to on or optional, and the ssl_ocsp directive is set to on or the     leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can     send requests along with conditions beyond its control that may cause a heap-use-after-free error in the     NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker     process restarting.



    Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    (CVE-2026-40701)

    When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also     uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream     peer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    (CVE-2026-42926)

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset,     source_charset, and charset_map and proxy_pass with disabled buffering (off) directives are configured,     unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a     heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.



    Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    (CVE-2026-42934)

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This     vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an     unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string     that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control     can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in     the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout     Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached     End of Technical Support (EoTS) are not evaluated. (CVE-2026-42945)

    A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in     excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an     unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream     server may be able to read the memory of the NGINX worker process or restart it.  Note: Software versions     which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-42946)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-012 (ALASNGINX1-2026-012)

critical Nessus Plugin ID 316959

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Jun 18, 2026, 10:27 AM CVSS metrics ("CVSSv2 score" set to 7.1) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:C") CVSSv2 score source (changed from "CVE-2026-40460" to "CVE-2026-42946") CVSSv2 severity (based on CVE-2026-42946, severity increased from "Medium" to "High") Plugin Feed: 202606181027
Version 1.2 Jun 16, 2026, 8:07 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202606160807
Version 1.1 May 27, 2026, 1:37 PM New Plugin Feed: 202605271337