securityonline.info 6/19/2026, 3:31:39 AM · external

F5 Patches Two Critical NGINX Flaws in HTTP/3 and HTTP/2 Modules (CVE-2026-42530, CVE-2026-42055)

CyberSIXT Evidence Panel
Primary Source: my.f5.com
CISA KEV: Not in KEV
Patch Status: Unknown

F5 has released urgent patches for two critical vulnerabilities in its NGINX web server (CVE-2026-42530 and CVE-2026-42055), both rated with a CVSS v4.0 score of 9.2. The vulnerabilities could be exploited by unauthenticated attackers and are significant because of NGINX's widespread use across the internet. CVE-2026-42530 is a use-after-free flaw in HTTP/3 configurations that can potentially lead to denial of service, while CVE-2026-42055 is a heap-based buffer overflow affecting specific HTTP/2 configurations. Both issues call for an immediate upgrade to a fixed version or mitigation through configuration adjustments.

Article by CyberSIXT
