Detections
Analytics

Nginx < 1.30.1 Multiple Vulnerabilities

critical Web App Scanning Plugin ID 115243

Language:

Synopsis

Nginx < 1.30.1 Multiple Vulnerabilities

Description

According to its Server response header, the installed version of nginx is prior to 1.30.1. It is, therefore, affected by the following issues :

 - A heap-use-after-free vulnerability in the ngx_http_ssl_module module when ssl_verify_client is set to 'on' or 'optional' and ssl_ocsp is enabled with a resolver, which may allow an unauthenticated remote attacker to cause worker process restarts or limited memory modification. (CVE-2026-40701)

 - A vulnerability in the ngx_quic_module module when HTTP/3 is enabled that allows an attacker to spoof their source IP address, potentially bypassing IP-based authorization or rate limiting. (CVE-2026-40460)

 - A heap buffer over-read vulnerability in the ngx_http_charset_module module when charset, source_charset, charset_map, and proxy_pass with response buffering disabled are all configured, which may allow an unauthenticated remote attacker to cause limited memory disclosure or a worker process restart. (CVE-2026-42934)

 - A vulnerability in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may allow an attacker with man-in-the-middle access to upstream SCGI or uWSGI responses to trigger excessive memory allocation or a data over-read, potentially disclosing worker memory or causing a restart. (CVE-2026-42946)

 - A heap buffer overflow vulnerability in the ngx_http_rewrite_module module when a rewrite directive is followed by rewrite, if, or set with unnamed PCRE captures and a replacement string containing '?', which may allow an unauthenticated remote attacker to cause worker process restarts or, on systems without ASLR, potentially execute code. (CVE-2026-42945)

 - A vulnerability in the ngx_http_proxy_v2_module module when proxy_http_version 2 and proxy_set_body are used together that allows an attacker to inject HTTP/2 frame headers and payload bytes toward the upstream peer. (CVE-2026-42926)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx version 1.30.1 or later.

See Also

https://my.f5.com/manage/s/article/K000161019

https://my.f5.com/manage/s/article/K000161021

https://my.f5.com/manage/s/article/K000161027

https://my.f5.com/manage/s/article/K000161028

https://my.f5.com/manage/s/article/K000161068

https://my.f5.com/manage/s/article/K000161131

Plugin Details

Severity: Critical

ID: 115243

Type: Version Based

Published: 5/20/2026

Updated: 5/20/2026

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-42945

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2026-42945

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-42945

Vulnerability Information

CPE: cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/12/2026

Reference Information

CVE: CVE-2026-40460, CVE-2026-40701, CVE-2026-42926, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946

CWE: 122, 125, 131, 172, 290, 416, 789, 823

OWASP: 2010-A3, 2013-A2, 2013-A9, 2017-A2, 2017-A9, 2021-A3, 2021-A6, 2021-A7, 2025-A6, 2025-A7

WASC: Buffer Overflow, Improper Output Handling, Insufficient Authentication

CAPEC: 104, 21, 22, 459, 461, 473, 476, 540, 59, 60, 73, 81, 85, 92, 94

DISA STIG: APSC-DV-001870, APSC-DV-002560, APSC-DV-002590, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)

ISO: 27001-A.12.6.1, 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5

NIST: sp800_53-AC-3, sp800_53-CM-6b, sp800_53-SI-10, sp800_53-SI-16

OWASP API: 2019-API7, 2019-API8, 2023-API8

OWASP ASVS: 4.0.2-14.2.1, 4.0.2-4.1.3, 4.0.2-5.2.1

PCI-DSS: 3.2-6.2, 3.2-6.5, 3.2-6.5.10, 3.2-6.5.2