Unrated severityNVD Advisory· Published Feb 4, 2026· Updated Feb 5, 2026
NGINX vulnerability
CVE-2026-1642
Description
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected products
22(expand)+ 1 more
- (no CPE)
- (no CPE)range: R36
- osv-coords19 versionspkg:apk/chainguard/nginx-stablepkg:apk/chainguard/nginx-stable-config-compatpkg:apk/chainguard/nginx-stable-syslog-configpkg:apk/wolfi/nginx-stablepkg:apk/wolfi/nginx-stable-config-compatpkg:apk/wolfi/nginx-stable-syslog-configpkg:bitnami/nginxpkg:bitnami/nginx-gatewaypkg:rpm/almalinux/nginxpkg:rpm/almalinux/nginx-all-modulespkg:rpm/almalinux/nginx-corepkg:rpm/almalinux/nginx-filesystempkg:rpm/almalinux/nginx-mod-develpkg:rpm/almalinux/nginx-mod-http-image-filterpkg:rpm/almalinux/nginx-mod-http-perlpkg:rpm/almalinux/nginx-mod-http-xslt-filterpkg:rpm/almalinux/nginx-mod-mailpkg:rpm/almalinux/nginx-mod-streampkg:rpm/opensuse/nginx&distro=openSUSE%20Tumbleweed
< 1.30.0-r0+ 18 more
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: < 1.30.0-r0
- (no CPE)range: >= 1.3.0, < 1.28.4
- (no CPE)range: >= 1.3.0, < 1.29.5
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
- (no CPE)range: < 1.29.5-1.1
Patches
Vulnerability mechanics
References
1- my.f5.com/manage/s/article/K000159824mitrevendor-advisory
News mentions
0No linked articles in our index yet.