CVE-2026-42946
mediumCVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS Score
0.8%
Exploitation probability in 30 days
Top 47% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
None
Availability
Low
Vulnerability Report
Generated by CyberWatcher
Description
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CWE
CWE-789Affected Products
f5 dosf5 nginx app protect dosf5 nginx app protect waff5 nginx gateway fabricf5 nginx ingress controllerf5 nginx instance managerf5 nginx open sourcef5 nginx plusf5 waf