CYBERSIXT Signal Over Noise
www.securityweek.com 6/18/2026, 9:54:46 AM · external

F5 patches NGINX remote code flaws CVE-2026-42530, CVE-2026-42055

F5 patches NGINX remote code flaws CVE-2026-42530, CVE-2026-42055
CyberSIXT Evidence Panel
Primary Source my.f5.com
CVE Intel
CVE-2026-42530 - NVD Not in KEV 9.2 CRITICAL Patch Unknown
CVE-2026-42055 - NVD Not in KEV 9.2 CRITICAL Patch Unknown
CVE-2026-11311 - NVD Not in KEV 8.6 HIGH Patch Unknown
CVE-2026-50107 - NVD Not in KEV 8.6 HIGH Patch Unknown
CISA KEV Not in KEV
Patch Patch Status Unknown

F 5 has released critical security updates for multiple NGINX vulnerabilities, including CVE-2026-42530 and CVE-2026-42055, both with a CVSS score of 9.2. These flaws can lead to code execution and denial-of-service (DoS) conditions. Exploiting these vulnerabilities requires no authentication. Additional patches were also issued for CVE-2026-11311 and CVE-2026-50107, affecting NGINX Gateway Fabric, which could allow configuration manipulation by authenticated attackers. While there have been no reports of exploitation in the wild, users are strongly advised to update their systems due to increasing attack risks.

View Primary Source Via www.securityweek.com

Article by CyberSIXT