
F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks

Cybersecurity News Archived Jun 18, 2026 ✓ Full text saved



By Abinaya, June 18, 2026

F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments. The advisory, published on June 17, 2026, highlights several critical flaws impacting NGINX Open Source, NGINX Plus, and related products, including NGINX Gateway Fabric and NGINX Ingress Controller.

Some of these vulnerabilities carry CVSS v4.0 scores as high as 9.2, indicating a significant risk to organizations relying on NGINX for web and application delivery.

One of the most critical issues, tracked as CVE-2026-42530, affects the ngx_http_v3_module in NGINX. This flaw impacts NGINX Open Source versions 1.31.0 and 1.31.1 and has been patched in version 1.31.2. Successful exploitation could lead to memory corruption, potentially enabling remote code execution or service disruption.

Another high-risk vulnerability, CVE-2026-42055, impacts the ngx_http_proxy_v2_module and ngx_http_grpc_module. This issue affects both NGINX Open Source and NGINX Plus deployments. Security researchers warn that attackers could exploit this flaw to trigger DoS conditions or execute malicious code under specific configurations. The vulnerability has been resolved in NGINX Open Source versions 1.30.3 and 1.31.2, as well as NGINX Plus release 37.0.2.1 and R36 P6.

F5 also disclosed additional vulnerabilities in NGINX Gateway Fabric, including CVE-2026-11311 and CVE-2026-50107, both rated high severity. These flaws impact versions 2.3.0 through 2.6.3 and have been fixed in version 2.6.4. Exploitation of these issues could result in service instability or unauthorized behavior within Kubernetes-based environments where Gateway Fabric is deployed.

In addition to high-severity flaws, the advisory includes medium-severity vulnerabilities such as CVE-2026-48142, which affects the ngx_http_charset_module. While less critical, this issue could still be leveraged to impact application behavior or degrade service reliability if left unpatched.

Notably, several F5 and NGINX-related products, including NGINX Instance Manager, NGINX App Protect, and F5 WAF for NGINX, are affected but currently lack direct fixes. F5 recommends applying mitigations and monitoring configurations until patches are released for these components.

Security experts emphasize that NGINX is widely used in modern web infrastructure, making these vulnerabilities particularly attractive targets for attackers. F5 Advisory K000161614 warns that vulnerable internet-facing systems are at greatest risk and should be updated to the latest patched releases without delay. Where upgrades are not possible, administrators should implement temporary mitigations, such as restricting access, turning off vulnerable modules, and monitoring logs for suspicious activity.

This out-of-band release underscores the urgency of the vulnerabilities and the potential impact on production systems. Given the combination of remote exploitation potential and high severity scores, timely patching is critical to reducing the attack surface. F5 continues to provide updates and detailed technical guidance through its official advisory portal, and users are encouraged to subscribe to security notifications to stay informed about future vulnerabilities.
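For triaging hosts against the NGINX Open Source versions quoted above, the following is an added example, not code from F5 or from the article. The function names and the `SAMPLE` text are constructed for illustration; the version numbers are the ones the article states, and branches it does not mention are reported as unknown rather than guessed.

```python
import re

# Versions below are the ones the article states for NGINX Open Source.
V3_AFFECTED = {(1, 31, 0), (1, 31, 1)}               # CVE-2026-42530, fixed in 1.31.2
PROXY_GRPC_FIXED = {(1, 30): (1, 30, 3), (1, 31): (1, 31, 2)}  # CVE-2026-42055

# Constructed sample of `nginx -V` output (not taken from a real host).
SAMPLE = """nginx version: nginx/1.31.1
configure arguments: --with-http_ssl_module --with-http_v2_module --with-http_v3_module
"""


def parse_nginx_build(text):
    """Return (version tuple, configure flags, is_plus) from `nginx -V` output."""
    m = re.search(r"^nginx version: nginx/(\d+)\.(\d+)\.(\d+)(.*)$", text, re.M)
    if not m:
        raise ValueError("no 'nginx version:' line found")
    version = tuple(int(x) for x in m.groups()[:3])
    args = re.search(r"^configure arguments:(.*)$", text, re.M)
    flags = set(args.group(1).split()) if args else set()
    return version, flags, "nginx-plus" in m.group(4)


def triage(text):
    """Map each CVE the article gives Open Source versions for to a status string."""
    version, flags, is_plus = parse_nginx_build(text)
    if is_plus:
        # Plus is fixed by R release, which the open-source base version does not show.
        return {"note": "NGINX Plus build: compare the R release with the advisory"}
    status = {}
    if version not in V3_AFFECTED:
        status["CVE-2026-42530"] = "version not listed as affected"
    elif "--with-http_v3_module" in flags:
        status["CVE-2026-42530"] = "affected: upgrade to 1.31.2"
    else:
        # ngx_http_v3_module is optional and absent unless compiled in.
        status["CVE-2026-42530"] = "affected version, http_v3 module not built"
    fixed = PROXY_GRPC_FIXED.get(version[:2])
    if fixed is None:
        # The article names no fixed release for this branch, so do not guess.
        status["CVE-2026-42055"] = "branch not covered: check the advisory"
    elif version >= fixed:
        status["CVE-2026-42055"] = "patched"
    else:
        status["CVE-2026-42055"] = "upgrade to %d.%d.%d" % fixed
    return status

if __name__ == "__main__":
    print(triage(SAMPLE))
```

`nginx -V` writes to stderr, so capture it with `nginx -V 2>&1` before passing the text to `triage`.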