logo

CVE-2026-42530: Critical NGINX HTTP/3 Flaw Can Trigger DoS and Possible RCE

ID: 9ef496c4-7084-559a-9935-a43f9196e7ac

STIX ID: report--9ef496c4-7084-559a-9935-a43f9196e7ac

Feed Name: SOC Prime Blog

Threat Score
70/100

Date Published: 2026-06-19

Date Updated: 2026-06-19

Author: SOC Prime Team

...
...

F5 issued out-of-band security updates for critical NGINX vulnerabilities, notably CVE-2026-42530: a use-after-free in the ngx_http_v3_module that can crash worker processes and, where ASLR is disabled or bypassed, enable arbitrary code execution. The issue affects NGINX Open Source 1.31.0 and 1.31.1 with HTTP/3 QUIC enabled; the advisory recommends upgrading to 1.31.2 or applying vendor patches, inventorying HTTP/3-enabled systems, and limiting protocol exposure while patching. No public exploit or stable IOCs were reported at the time.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.