CVE-2026-1642

High CVSS: 8.2

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor

Product

Nginx Gateway Fabric

CWE

CWE-349

Yayın Tarihi

2026-02-04 15:16:14

Güncelleme

2026-02-13 21:35:01

Source Identifier

f5sirt@f5.com

KEV Date Added

Kategoriler

CWE-349 Nginx Gateway Fabric HIGH F5 2026

Referanslar

https://my.f5.com/manage/s/article/K000159824 http://www.openwall.com/lists/oss-security/2026/02/05/1

Benzer Kayıtlar

High

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker t…

High

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to…

High

CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow…

Medium

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of…

Medium

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling o…

High

CVE-2026-27651

When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause…