USN-8038-1
- Source
- https://ubuntu.com/security/notices/USN-8038-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8038-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8038-1
- Upstream
- Related
- Published
- 2026-02-12T17:55:29Z
- Modified
- 2026-02-13T18:28:54.823949Z
- Summary
- nginx vulnerability
- Details
-
It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server.
- References
Affected packages
Ubuntu:22.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx@1.18.0-6ubuntu14.8?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.18.0-6ubuntu14.8
Affected versions
1.*
1.18.0-6ubuntu11
1.18.0-6ubuntu12
1.18.0-6ubuntu14
1.18.0-6ubuntu14.1
1.18.0-6ubuntu14.2
1.18.0-6ubuntu14.3
1.18.0-6ubuntu14.4
1.18.0-6ubuntu14.5
1.18.0-6ubuntu14.6
1.18.0-6ubuntu14.7
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-auth-pam"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-cache-purge"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-dav-ext"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-echo"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-fancyindex"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-geoip"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-geoip2"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-headers-more-filter"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-image-filter"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-ndk"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-perl"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-subs-filter"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-uploadprogress"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-upstream-fair"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-http-xslt-filter"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-mail"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-nchan"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-rtmp"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-stream"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-stream-geoip"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "libnginx-mod-stream-geoip2"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx-common"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx-core"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx-full"
},
{
"binary_version": "1.18.0-6ubuntu14.8",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8038-1.json"
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:24.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx@1.24.0-2ubuntu7.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.24.0-2ubuntu7.6
Affected versions
1.*
1.24.0-1ubuntu1
1.24.0-2ubuntu1
1.24.0-2ubuntu2
1.24.0-2ubuntu3
1.24.0-2ubuntu4
1.24.0-2ubuntu6
1.24.0-2ubuntu7
1.24.0-2ubuntu7.1
1.24.0-2ubuntu7.3
1.24.0-2ubuntu7.4
1.24.0-2ubuntu7.5
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-http-geoip"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-http-image-filter"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-http-perl"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-http-xslt-filter"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-mail"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-stream"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "libnginx-mod-stream-geoip"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-common"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-core"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-dev"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-full"
},
{
"binary_version": "1.24.0-2ubuntu7.6",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8038-1.json"
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}
Ubuntu:25.10 / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx@1.28.0-6ubuntu1.1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.28.0-6ubuntu1.1
Affected versions
1.*
1.26.3-2ubuntu1
1.26.3-3ubuntu1
1.26.3-3ubuntu2
1.26.3-3ubuntu3
1.28.0-3ubuntu1
1.28.0-4ubuntu1
1.28.0-6ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-http-geoip"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-http-image-filter"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-http-perl"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-http-xslt-filter"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-mail"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-stream"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "libnginx-mod-stream-geoip"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-common"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-core"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-dev"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-extras"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-full"
},
{
"binary_version": "1.28.0-6ubuntu1.1",
"binary_name": "nginx-light"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8038-1.json"
cves_map
{
"ecosystem": "Ubuntu:25.10",
"cves": [
{
"id": "CVE-2026-1642",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}