Nginx security advisories
25 threat alerts tracking vulnerabilities and security advisories that affect Nginx products.
Vulnios monitors Nginx CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Nginx security news in one place, or click into an individual alert for full detail.
CVE-2026-48142 NGINX ngx_http_charset_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-48142 NGINX ngx_http_charset_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published June 28, 2026. See th
criticalCVE-2026-48142F5 issues out-of-band patches for critical NGINX vulnerabilities
BleepingComputer published an news on "F5 issues out-of-band patches for critical NGINX vulnerabilities". Topic areas: ransomware, malware, data-breach, zero-day. Published June 18, 2026. See the orig
criticalUSN-8398-3: nginx vulnerability
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inc
criticalCVE-2026-49975USN-8398-2: nginx regression
USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending furth
criticalCVE-2026-49975USN-8398-1: nginx vulnerability
It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, res
criticalUSN-8375-1: nginx vulnerabilities
It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sen
criticalCVE-2025-53859CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 27, 2026. See the
criticalCVE-2026-9256CVE-2026-8711 NGINX JavaScript vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-8711 NGINX JavaScript vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 23, 2026. See the original sour
criticalCVE-2026-8711Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityW
criticalNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
The Hacker News published an news on "NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE". Topic areas: zero-day, malware, ransomware, data-breach. Published May 17, 2
criticalCVE-2026-42945PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on Secu
criticalCVE-2026-40460 NGINX ngx_quic_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-40460 NGINX ngx_quic_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 16, 2026. See the origina
criticalCVE-2026-40460CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 16, 2026. See the ori
criticalCVE-2026-40701CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 16, 2026. See the
criticalCVE-2026-42945CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-42934 NGINX ngx_http_charset_module vulnerability". Topic areas: microsoft, windows, azure, patch. Published May 16, 2026. See the
criticalCVE-2026-42934CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
Microsoft Security Response Center published an advisory on "CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability". Topic areas: microsoft, windows, azure, patch. Publishe
criticalCVE-2026-4294618-year-old NGINX vulnerability allows DoS, potential RCE
BleepingComputer published an news on "18-year-old NGINX vulnerability allows DoS, potential RCE". Topic areas: ransomware, malware, data-breach, zero-day. Published May 14, 2026. See the original sou
criticalUSN-8271-1: nginx vulnerability
It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial
criticalF5 Patches Over 50 Vulnerabilities
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek. ]]>
critical18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
The Hacker News published an news on "18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE". Topic areas: zero-day, malware, ransomware, data-breach. Published May 14, 2026. See the origi
criticalRapid7 Blog Advisory — Apr 16, 2026
OverviewOn March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurati
criticalCVE-2026-33032Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover - cyberpress.org
Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover cyberpress.org
highCritical Nginx UI auth bypass flaw now actively exploited in the wild
Critical Nginx UI auth bypass flaw now actively exploited in the wild
criticalExploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool. The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on Sec
criticalCVE-2026-33032Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
criticalCVE-2026-33032
Track Nginx exposure across your environment
Vulnios automatically cross-references your asset inventory against new Nginx CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan