www.securityweek.com 7/16/2026, 9:26:04 AM · external

F5 patches NGINX heap overflow bug CVE-2026-42533 in eight fixes

F5 patches NGINX heap overflow bug CVE-2026-42533 in eight fixes
CyberSIXT Evidence Panel
Primary Source my.f5.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

F 5 has announced an out-of-band security release addressing eight vulnerabilities in NGINX and BIG-IP. The most critical, CVE-2026-42533, has a CVSS score of 9.2 and can potentially lead to heap buffer overflow via crafted HTTP requests. Exploits could allow unauthorized attackers to restart NGINX worker processes or leak memory. Other high-severity vulnerabilities could enable authenticated attackers to manipulate NGINX configurations or cause denial-of-service conditions. F5 states there is no evidence of these vulnerabilities being exploited in the wild.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline