F5 releases out-of-band patches for critical NGINX Open Source vulnerabilities

AI-Generated Summary

3 sources

16 hours ago

1 views

F5 releases out-of-band patches for critical NGINX Open Source vulnerabilities

Photo: The Hacker News

Key Points

F5 releases out-of-band security updates for vulnerabilities in NGINX Open Source.
Reported flaws could be exploited remotely by unauthenticated attackers.
CVE-2026-42530 is listed as a critical issue with a CVSS v4 score of 9.2 and involves a use-after-free in ngx_http_v3_module.
Coverage says the vulnerabilities can enable remote code execution on affected systems.
One report indicates the issues could also cause NGINX to restart.

F5 issues security updates for critical vulnerabilities in NGINX Open Source, including flaws that security researchers say could be exploited by remote, unauthenticated attackers. Multiple reports describe the updates as out-of-band, released ahead of a scheduled maintenance window, to address urgent risk.

One of the addressed issues is identified as CVE-2026-42530, reported with a CVSS v4 score of 9.2. Security information provided in coverage indicates it is a use-after-free vulnerability in the ngx_http_v3_module that can be triggered remotely without authentication. Other coverage also refers to two critical-severity issues capable of enabling remote code execution on affected systems.

In addition to the code execution risk, one outlet reports that the vulnerabilities could allow an attacker to cause a restart of the NGINX service. Collectively, the reporting indicates F5’s patches are intended to remediate the affected components and reduce exposure for deployments running vulnerable versions of NGINX Open Source. Users are advised to apply the released updates promptly and follow F5 guidance regarding affected versions and upgrade steps.

How Outlets Covered This Story

THE

The Hacker News

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is

12 hours ago

BLE

Bleeping Computer

F5 issues out-of-band patches for critical NGINX vulnerabilities

Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...]

18 hours ago

SEC

SecurityWeek

F5 Patches Critical, High-Severity NGINX Vulnerabilities

Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code. The post F5 Patches Critical, High-Severity NGINX Vulnerabilities appeared first on SecurityWeek.

20 hours ago

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

F5 releases out-of-band patches for critical NGINX Open Source vulnerabilities

Key and Peele’s ‘Police Academy’ reboot canceled after Michael Brown shooting, Barinholtz says

Daveigh Chase, ‘Lilo & Stitch’ and ‘The Ring’ actress, dies at 35

Kareena Kapoor Khan and Prithviraj Sukumaran’s Daayra to release on September 18