wid-sec-w-2026-1995 · Published 2026-06-17 · View on BSI CERT-Bund ↗

NGINX and NGINX Plus: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

Ein Angreifer kann mehrere Schwachstellen in NGINX und NGINX NGINX Plus ausnutzen, um Daten zu manipulieren, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.

CVEs (6)

CVE-2026-11311 CVE-2026-32682 CVE-2026-42055 CVE-2026-42530 CVE-2026-48142 CVE-2026-50107

Affected Vendors

NGINX

Affected Products (14)

NGINX · NGINX Open Source <1.31.2

NGINX · NGINX Open Source 1.31.2

NGINX · NGINX Instance Manager

NGINX · NGINX Gateway Fabric <2.6.4

NGINX · NGINX Gateway Fabric 2.6.4

NGINX · NGINX Ingress Controller

NGINX · NGINX Open Source <1.30.3

NGINX · NGINX Open Source 1.30.3

NGINX · NGINX App Protect WAF

NGINX · NGINX App Protect DoS

NGINX · NGINX Plus <37.0.2.1

NGINX · NGINX Plus 37.0.2.1

NGINX · NGINX Plus <R36 P6

NGINX · NGINX Plus R36 P6

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more