Nginx 1.31.x < 1.31.3 Multiple Vulnerabilities

critical Web App Scanning Plugin ID 115313

Synopsis

Nginx 1.31.x < 1.31.3 Multiple Vulnerabilities

Description

According to its banner, the version of Nginx running on the remote host is prior to 1.30.4 or 1.31.x prior to 1.31.3. It is, therefore, affected by multiple vulnerabilities:

- A heap-based buffer overflow vulnerability exists in the map directive when regex matching is used and a string expression references the map's regex capture variables before referencing the map output variable, or when a non-cacheable variable is used in a string expression under certain conditions. An unauthenticated attacker can exploit this to cause a denial of service or potential code execution on systems with ASLR disabled. (CVE-2026-42533)

- An uninitialized memory access vulnerability exists in the ngx_http_slice_module module when the slice directive and unnamed regex captures are configured or when a background cache update occurs. An unauthenticated attacker can exploit this to cause limited disclosure of memory or a restart of the NGINX worker process. (CVE-2026-60005)

- A use-after-free vulnerability exists in the ngx_http_ssi_module module when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. An attacker with man-in-the-middle ability to control responses from an upstream server can exploit this to cause limited modification of memory or a restart of the NGINX worker process. (CVE-2026-56434)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to nginx version 1.31.3 or later.

See Also

https://my.f5.com/manage/s/article/K000162097

https://my.f5.com/manage/s/article/K000162098

https://my.f5.com/manage/s/article/K000162100

Plugin Details

Severity: Critical

ID: 115313

Type: Version Based

Published: 7/17/2026

Updated: 7/17/2026

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 58.12

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS Score Source: CVE-2026-60005

CVSS v3

Risk Factor: High

Base Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CVSS Score Source: CVE-2026-60005

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-42533

Vulnerability Information

CPE: cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:*

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/14/2026

Reference Information

CVE: CVE-2026-42533, CVE-2026-56434, CVE-2026-60005