BIT-nginx-2026-42934
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/nginx/BIT-nginx-2026-42934.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-nginx-2026-42934
- Aliases
-
- BIT-nginx-gateway-2026-42934
- CVE-2026-42934
- Published
- 2026-05-15T08:50:06.374Z
- Modified
- 2026-05-15T11:11:26.069593245Z
- Summary
- NGINX ngx_http_charset_module vulnerability
- Details
-
NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When charset, sourcecharset, and charsetmap and proxypass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" ] }- References
Affected packages
Bitnami / nginx
Package
- Name
- nginx
- Purl
- pkg:bitnami/nginx
Severity
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator