F5 Patches NGINX Vulnerability That Enables Code Execution and DoS

F5 has issued an out-of-band security advisory addressing multiple high-severity vulnerabilities within NGINX. These flaws could enable attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments.

The advisory, published on June 17, 2026, highlights several critical flaws impacting NGINX Open Source, NGINX Plus, and related products, including NGINX Gateway Fabric and NGINX Ingress Controller.

Some of these vulnerabilities carry CVSS v4.0 scores as high as 9.2, indicating a significant risk to organizations relying on NGINX for web and application delivery.

One of the most critical issues, tracked as CVE-2026-42530, affects the ngx_http_v3_module in NGINX. This flaw impacts NGINX Open-Source versions 1.31.0 and 1.31.1 and has been patched in version 1.31.2.

Successful exploitation could lead to memory corruption, potentially enabling remote code execution or service disruption. Another high-risk vulnerability, CVE-2026-42055, impacts the ngx_http_proxy_v2_module and ngx_http_grpc_module.

This issue affects both NGINX Open Source and NGINX Plus deployments. Security researchers warn that attackers could exploit this flaw to trigger DoS conditions or execute malicious code under specific configurations.

F5 Patches NGINX Vulnerability

The vulnerability has been resolved in NGINX Open Source versions 1.30.3 and 1.31.2, as well as NGINX Plus release 37.0.2.1 and R36 P6.

F5 also disclosed additional vulnerabilities in NGINX Gateway Fabric, including CVE-2026-11311 and CVE-2026-50107, both rated high severity. These flaws impact versions 2.3.0 through 2.6.3 and have been fixed in version 2.6.4.

Exploitation of these issues could result in service instability or unauthorized behavior within Kubernetes-based environments where Gateway Fabric is deployed.

In addition to high-severity flaws, the advisory includes medium-severity vulnerabilities such as CVE-2026-48142, which affects the ngx_http_charset_module.

While less critical, this issue could still be leveraged to impact application behavior or degrade service reliability if left unpatched.

Notably, several F5 and NGINX-related products, including NGINX Instance Manager, NGINX App Protect, and F5 WAF for NGINX, are affected but currently lack direct fixes.

F5 recommends applying mitigations and monitoring configurations until patches are released for these components.

Security experts emphasize that NGINX is widely used in modern web infrastructure, making these vulnerabilities particularly attractive targets for attackers.

F5 Advisory K000161614 warns that vulnerable internet-facing systems are at greatest risk and should be updated to the latest patched releases without delay.

Where upgrades are not possible, administrators should implement temporary mitigations, such as restricting access, turning off vulnerable modules, and monitoring logs for suspicious activity.

This out-of-band release underscores the urgency of the vulnerabilities and the potential impact on production systems.

Given the combination of remote exploitation potential and high severity scores, timely patching is critical to reducing the attack surface.

F5 continues to provide updates and detailed technical guidance through its official advisory portal, and users are encouraged to subscribe to security notifications to stay informed about future vulnerabilities.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.