F 5 has announced an out-of-band security release addressing eight vulnerabilities in NGINX and BIG-IP. The most critical, CVE-2026-42533, has a CVSS score of 9.2 and can potentially lead to heap buffer overflow via crafted HTTP requests. Exploits could allow unauthorized attackers to restart NGINX worker processes or leak memory. Other high-severity vulnerabilities could enable authenticated attackers to manipulate NGINX configurations or cause denial-of-service conditions. F5 states there is no evidence of these vulnerabilities being exploited in the wild.
F5 patches NGINX heap overflow bug CVE-2026-42533 in eight fixes
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
F5 patches NGINX heap overflow bug CVE-2026-42533 in eight fixes
www.securityweek.com
-
F5 patches NGINX memory flaw enabling remote code execution
securityonline.info