A vulnerability categorized as critical has been discovered in F5 NGINX Plus and NGINX Open Source . Affected is the function ngx_http_ssl_module of the component Configuration Handler . Such manipulation leads to use after free. This vulnerability is referenced as CVE-2026-40701 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.