wid-sec-w-2026-1661 · Published 2026-06-17 · View on BSI CERT-Bund ↗

NGINX Open Source and NGINX Plus: Vulnerability allows Denial of Service and potenziell Code execution

CVSS N/A NONE

Risk Summary

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NGINX und NGINX NGINX Plus ausnutzen, um einen Denial of Service Angriff durchzuführen, und potenziell um beliebigen Programmcode auszuführen.

CVEs (1)

CVE-2026-9256

Affected Vendors

Amazon Debian NGINX SUSE Ubuntu

Affected Products (10)

NGINX · NGINX Open Source <1.31.1

NGINX · NGINX Open Source 1.31.1

NGINX · NGINX Open Source <1.30.2

NGINX · NGINX Open Source 1.30.2

NGINX · NGINX Plus <37.0.1.1

NGINX · NGINX Plus 37.0.1.1

NGINX · NGINX Plus <R36 P5

NGINX · NGINX Plus R36 P5

NGINX · NGINX Plus <R32 P7

NGINX · NGINX Plus R32 P7

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more