[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnerOZeU-PDOMvaKQf6HTK2KeBtmQsRyl0SapAlJvEAk":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"6b2840d7-69d3-4a8b-a937-17e4209c18ed","F5 issues out-of-band patches for critical NGINX vulnerabilities","f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities-62e130","Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...]","F5 released emergency security updates addressing two critical-severity vulnerabilities in NGINX web server modules (CVE-2026-42530 and CVE-2026-42055) that allow unauthenticated remote attackers to execute code or trigger denial-of-service attacks on vulnerable systems. The flaws involve use-after-free and heap-based buffer overflow issues in the NGINX worker process and can lead to code execution when ASLR is disabled or bypassed. F5 also patched two high-severity NGINX Gateway Fabric flaws allowing authenticated configuration injection attacks.","F5 releases out-of-band patches for two critical NGINX RCE vulnerabilities","F5 issues out-of-band patches for critical NGINX vulnerabilities By Sergiu Gatlan June 18, 2026 07:33 AM Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. 
The two critical vulnerabilities were found in the ngx_http_v3_module (CVE-2026-42530) and the ngx_http_proxy_v2_module and ngx_http_grpc_module (CVE-2026-42055), and can be exploited by unauthenticated remote attackers to trigger a denial-of-service (DoS) attack or code execution on NGINX systems with non-default configurations. Successful exploitation causes a use-after-free or heap-based buffer overflow in the NGINX worker process, leading to a restart. In both cases, they can also \"execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.\" F5 has released security fixes for multiple NGINX software products affected by these two vulnerabilities, including NGINX Plus and NGINX Open Source, NGINX Gateway Fabric, and NGINX Instance Manager. Admins who can't immediately install the security updates can mitigate CVE-2026-42530 by disabling HTTP\u002F3 (removing quic from all listen directives) and CVE-2026-42055 by removing the ignore_invalid_headers off directive from the configuration and reducing the large_client_header_buffers directive size below 2 megabytes. The company also addressed two high-severity NGINX Gateway Fabric security flaws, tracked as CVE-2026-11311 and CVE-2026-50107, that can be exploited by authenticated attackers to inject arbitrary NGINX configuration directives. While F5 didn't flag any of these security issues as exploited in attacks, F5 vulnerabilities have often been exploited by both cybercrime and nation-state threat groups in recent years. For instance, hackers have targeted security flaws in F5 products to breach corporate networks, deploy data-wiping malware, map internal servers, hijack devices, and steal sensitive documents from victims worldwide. F5 also disclosed in October that state-backed attackers breached its systems in August 2025 and stole undisclosed BIG-IP security vulnerabilities and source code. Over the past several years, the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) has flagged seven F5 vulnerabilities as actively exploited, with four of them targeted in ransomware attacks. F5 is a Fortune 500 technology company that provides cybersecurity, application delivery networking (ADN), and various other services to over 23,000 customers worldwide, including 48 of the Fortune 50 companies and 80% of the Fortune Global 500.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ff5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F06\u002F18\u002FF5.jpg","2026-06-18T11:33:00+00:00","2026-06-18T12:00:14.362118+00:00",9,[18,21,24,26,28,30],{"name":19,"type":20},"F5","vendor",{"name":22,"type":23},"NGINX Plus","product",{"name":25,"type":23},"NGINX Open Source",{"name":27,"type":23},"NGINX Gateway Fabric",{"name":29,"type":23},"NGINX Instance Manager",{"name":31,"type":23},"BIG-IP","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":32,"icon":34,"name":35,"slug":36},null,"Vulnerabilities","vulnerabilities",[38],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",[44,48,51,54],{"type":45,"value":46,"context":47},"cve","CVE-2026-42530","Critical NGINX ngx_http_v3_module vulnerability allowing DoS or 
RCE",{"type":45,"value":49,"context":50},"CVE-2026-42055","Critical NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability allowing DoS or RCE",{"type":45,"value":52,"context":53},"CVE-2026-11311","High-severity NGINX Gateway Fabric authenticated configuration injection flaw",{"type":45,"value":55,"context":53},"CVE-2026-50107"]