F5 Networks has issued an urgent security update to address several high-severity vulnerabilities within the NGINX software, which could be exploited by attackers to execute arbitrary code and cause denial-of-service (DoS) disruptions. The advisory, released on June 17, 2026, highlights critical issues affecting NGINX Open Source, NGINX Plus, and associated products like NGINX Gateway Fabric and NGINX Ingress Controller.
Details of the NGINX Vulnerabilities
The vulnerabilities, some scoring as high as 9.2 on the CVSS v4.0 scale, pose significant risks to organizations using NGINX for web and application delivery. Among the most severe is CVE-2026-42530, a flaw in the ngx_http_v3_module affecting NGINX Open Source versions 1.31.0 and 1.31.1, now rectified in version 1.31.2. This vulnerability could lead to memory corruption and potentially allow remote code execution or service disruption.
Another major flaw, CVE-2026-42055, impacts the ngx_http_proxy_v2_module and ngx_http_grpc_module, affecting both NGINX Open Source and NGINX Plus. Security experts have warned that attackers could exploit this to initiate DoS attacks or execute harmful code in specific configurations.
Patch Releases and Additional Vulnerabilities
F5 has released patches for these vulnerabilities in NGINX Open Source versions 1.30.3 and 1.31.2, as well as NGINX Plus release 37.0.2.1 and R36 P6. Additional vulnerabilities identified in NGINX Gateway Fabric, such as CVE-2026-11311 and CVE-2026-50107, also received fixes in version 2.6.4. These issues could lead to service instability or unauthorized actions in Kubernetes-based environments where the Gateway Fabric is used.
Beyond the high-severity flaws, the advisory includes medium-severity vulnerabilities like CVE-2026-48142 affecting the ngx_http_charset_module. While these are less critical, they can still degrade service reliability if left unaddressed.
Impact and Recommendations
The widespread use of NGINX in modern web infrastructure makes these vulnerabilities attractive targets for cyber attackers. F5’s advisory K000161614 emphasizes that systems exposed to the internet are at the highest risk and should be updated promptly. Where updates are not feasible, temporary mitigations, such as access restrictions and disabling vulnerable modules, are recommended.
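A triage check for the update guidance above, as an added example that is not part of F5's advisory or the original article. It parses `nginx -V` output and compares it against the NGINX Open Source versions named in this article. It assumes any release below a branch's fixed version needs updating, and the function names and sample output are constructed for illustration.

```python
import re

# Fixed Open Source releases per branch, as stated in the article.
FIXED = {(1, 30): (1, 30, 3), (1, 31): (1, 31, 2)}
# The article lists exactly these releases as affected by CVE-2026-42530.
V3_AFFECTED = {(1, 31, 0), (1, 31, 1)}

def parse_nginx_V(text):
    """Return (version tuple, set of configure flags) from `nginx -V` output."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no nginx version line found")
    args = re.search(r"^configure arguments:(.*)$", text, re.M)
    flags = set(args.group(1).split()) if args else set()
    return tuple(map(int, m.groups())), flags

def triage(text):
    version, flags = parse_nginx_V(text)
    result = {
        "version": ".".join(map(str, version)),
        # HTTP/3 is opt-in at build time; gRPC is built unless excluded.
        "http_v3_built": "--with-http_v3_module" in flags,
        "grpc_built": "--without-http_grpc_module" not in flags,
        "cves": [],
    }
    fixed = FIXED.get(version[:2])
    if "nginx-plus" in text or fixed is None:
        # NGINX Plus is tracked by release name, and the article gives no
        # fixed version for other branches: defer to advisory K000161614.
        result["status"] = "check-advisory"
    elif version >= fixed:
        result["status"] = "patched"
    else:
        # Assumption: any release below the branch's fixed version needs updating.
        result["status"] = "update"
        if version in V3_AFFECTED and result["http_v3_built"]:
            result["cves"].append("CVE-2026-42530")
    return result

# Constructed sample of `nginx -V` output (nginx prints it on stderr).
SAMPLE = """nginx version: nginx/1.31.1
built with OpenSSL 3.0.13 30 Jan 2024
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_v3_module
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A module being compiled in does not mean it is in use: HTTP/3 is only reachable where a `listen` directive carries the `quic` parameter, so review the running configuration before relying on module removal as a mitigation.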
This security release underlines the urgency of addressing these vulnerabilities to safeguard production environments. With the potential for remote exploitation and high severity scores, timely patching is essential to reducing exposure.
F5 continues to provide detailed technical guidance through its advisory portal, encouraging users to subscribe to security notifications for updates on future vulnerabilities.
