F5 released an out-of-band update for NGINX and BIG-IP that fixes eight vulnerabilities, including CVE-2026-42533, a critical heap buffer overflow issue in NGINX Plus and NGINX Open Source. The patches also address multiple high-severity flaws in NGINX Ingress Controller and BIG-IP that could enable memory leaks, process restarts, configuration abuse, and denial-of-service conditions. #NGINX #BIGIP #CVE-2026-42533 #NGINXIngressController
Keypoints
- F5 announced an out-of-band patch for eight vulnerabilities in NGINX and BIG-IP.
- CVE-2026-42533 is a critical flaw in NGINX Plus and NGINX Open Source.
- The bug can be triggered with crafted HTTP requests to cause a heap buffer overflow.
- Several NGINX module flaws could leak memory, restart workers, or cause use-after-free issues.
- NGINX Ingress Controller and BIG-IP fixes address configuration abuse and denial-of-service risks.
Read More: https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/