Nginx Multiple Vulnerabilities

Release Date: 15 May 2026

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Nginx. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, denial of service condition, remote code execution, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system.

---

Impact

• Denial of Service
• Information Disclosure
• Remote Code Execution
• Data Manipulation
• Spoofing
• Security Restriction Bypass

---

System / Technologies affected

• Nginx version prior to nginx-1.30.1 stable
• Nginx version prior to nginx-1.31.0 mainline

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://nginx.org/2026.html

---

Vulnerability Identifier

• CVE-2026-40460
• CVE-2026-40701
• CVE-2026-42926
• CVE-2026-42934
• CVE-2026-42945
• CVE-2026-42946

---

Source

• https://nginx.org/2026.html

---

Related Link

• https://nginx.org/2026.html