- Server operating system version
- centos 6.10
- Plesk version and microupdate number
- 18.0.31
Just a quick note that three more CVEs for nginx have been posted as of yesterday the 15th, with one rated as a major severity with a CVSS v4.0 score of 9.2 (Critical) and a CVSS v3.1 base score of 8.1 (High)
Reference:
cybersecuritynews.com
and noted on their home page:
Specifically:
nginx-1.30.4 stable and nginx-1.31.3 mainline versions have been released, with fixes for:
Just finished patching mine directly on an older system by compiling from source (like the last round of CVE's for nginx) and wanted to raise the alarm.
Happy Patching!
Reference:
F5 Patches Multiple NGINX Vulnerabilities Enabling Heap Buffer Overflow and Code Execution Attacks
F5 has disclosed three high-severity vulnerabilities affecting NGINX Plus and NGINX Open Source, warning that unauthenticated attackers could exploit them to trigger memory corruption, crash worker processes, or, in the worst case, execute arbitrary code.
cybersecuritynews.com
Specifically:
nginx-1.30.4 stable and nginx-1.31.3 mainline versions have been released, with fixes for:
- Buffer overflow vulnerability when using map with regex (CVE-2026-42533)
- Memory disclosure vulnerability when using ngx_http_slice_module (CVE-2026-60005)
- and a use-after-free vulnerability when using ngx_http_ssi_module (CVE-2026-56434)
- CVE-2026-42533 (Major Severity)
- Vulnerable Range: 0.9.6 – 1.31.2
- The Flaw: A heap buffer overflow occurs when using a map directive with regex matching. If a string expression references regex capture variables before referencing the map's output variable, an attacker can crash the NGINX worker process or potentially execute remote code if ASLR is bypassed.
- CVE-2026-60005 (Medium Severity)
- Vulnerable Range: 1.15.8 – 1.31.2
- The Flaw: An uninitialized memory access bug in the ngx_http_slice_module. If you compile NGINX with this non-default module (--with-http_slice_module) and combine the slice directive with unnamed regex captures, a crafted request can force worker restarts or cause limited information disclosure.
- CVE-2026-56434 (Medium Severity)
- Vulnerable Range: 0.8.11 – 1.31.2
- The Flaw: A use-after-free vulnerability in the ngx_http_ssi_module. It triggers if you have Server-Side Includes (SSI) active alongside proxy_pass and proxy_buffering off. A Man-in-the-Middle (MITM) attacker controlling upstream responses can crash workers or modify memory.
Bash:
#Check if you are using the map directive for CVE-2026-41533
nginx -T 2>/dev/null | grep -i "map "
#Check for presence of the with-http_slice_module
nginx -V 2>&1 | grep --color "with-http_slice_module"
nginx -T 2>/dev/null | grep -i "slice;"
#Check for the ngx_http_ssi_module
nginx -T 2>/dev/null | grep -E "ssi on|proxy_buffering off"
Just finished patching mine directly on an older system by compiling from source (like the last round of CVE's for nginx) and wanted to raise the alarm.
Happy Patching!