logo

CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities

ID: d94c2e4a-9459-58ff-b889-fc9553b441d8

STIX ID: report--d94c2e4a-9459-58ff-b889-fc9553b441d8

Feed Name: SOCRadar Blog

Threat Score
68/100

Date Published: 2026-06-19

Date Updated: 2026-06-20

Author: Ameer Owda

...
...

F5 issued out-of-band security updates for two NGINX vulnerabilities: CVE-2026-42530 (HTTP/3 QUIC use-after-free, CVSS 8.1) and CVE-2026-42055 (HTTP/2/gRPC heap overflow, CVSS 7.3). Both are remotely triggerable and can cause NGINX worker restarts (DoS) and, in some configurations, may enable remote code execution; affected versions and fixed releases are provided. Recommended actions include upgrading to the patched NGINX releases (e.g., 1.31.2+ for CVE-2026-42530 and 1.30.3/1.31.2+ for CVE-2026-42055 or following F5 product guidance), disabling HTTP/3 where unnecessary, and monitoring for worker instability and abnormal QUIC/HTTP/2/gRPC traffic.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.