F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

F5 Patches Multiple NGINX, BIG-IP Vulnerabilities
F5 released an out-of-band update for NGINX and BIG-IP that fixes eight vulnerabilities, including CVE-2026-42533, a critical heap buffer overflow issue in NGINX Plus and NGINX Open Source. The patches also address multiple high-severity flaws in NGINX Ingress Controller and BIG-IP that could enable memory leaks, process restarts, configuration abuse, and denial-of-service conditions. #NGINX #BIGIP #CVE-2026-42533 #NGINXIngressController

Keypoints

  • F5 announced an out-of-band patch for eight vulnerabilities in NGINX and BIG-IP.
  • CVE-2026-42533 is a critical flaw in NGINX Plus and NGINX Open Source.
  • The bug can be triggered with crafted HTTP requests to cause a heap buffer overflow.
  • Several NGINX module flaws could leak memory, restart workers, or cause use-after-free issues.
  • NGINX Ingress Controller and BIG-IP fixes address configuration abuse and denial-of-service risks.

Read More: https://www.securityweek.com/f5-patches-multiple-nginx-big-ip-vulnerabilities/