[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:f5-patches-critical-high-severity-nginx-vulnerabilities-mqjta26l":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":14,"action_required":20,"article_ids":21,"ioc_summary":23,"source_urls":24,"status":26,"expires_at":27,"created_at":28,"updated_at":29,"articles":30},"af6a6be4-b6ee-4b79-b404-95c32771e2e3","F5 Patches Critical, High-Severity NGINX Vulnerabilities","f5-patches-critical-high-severity-nginx-vulnerabilities-mqjta26l","F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitrary code. High-severity configuration injection bugs in NGINX Gateway Fabric pose additional risk for authenticated attackers.","critical","advisory",[12,13],"CVE-2026-42530","CVE-2026-42055",[15,16,17,18,19],"F5","NGINX","NGINX Plus","NGINX Open Source","NGINX Gateway Fabric","Immediately inventory all NGINX deployments in your environment. Prioritize patching NGINX Plus and NGINX Controller to latest versions. Monitor for exploitation attempts targeting these CVEs and check logs for suspicious config injection patterns in Gateway Fabric instances.",[22],"e3dc0fbf-89a4-40a4-a113-a5c9ee76e3b0",null,[25],"https:\u002F\u002Fwww.securityweek.com\u002Ff5-patches-critical-high-severity-nginx-vulnerabilities\u002F","active","2026-06-20T18:06:23.888+00:00","2026-06-18T18:06:26.516857+00:00","2026-06-18T18:06:29.512472+00:00",[31],{"id":22,"title":6,"url":25}]