[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-42055":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-21T07:39:11.499Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":26,"downstream":27,"duplicates":34,"related":35,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":55,"epss":56,"epss_history":59,"metrics":67,"affected":77},"CVE-2026-42055","NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version directive is set to 2 or the grpc_pass directive is used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. 
\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-122","Heap-based Buffer Overflow","A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-92","Forced Integer Overflow",[],[],[],[],[28,30,32],{"_key":29},"DEBIAN-CVE-2026-42055",{"_key":31},"UBUNTU-CVE-2026-42055",{"_key":33},"OPENSUSE-SU-2026:11066-1",[],[36],{"_key":33},"2026-06-17T14:04:32.520Z","2026-06-18T03:57:46.697Z","PUBLISHED",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.00636,"critical",9.2,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[50],{"url":51,"sources":52,"tags":53},"https://my.f5.com/manage/s/article/K000161584",[47],[54],"Vendor Advisory",[],{"date":57,"score":43,"percentile":58},"2026-06-20",0.45681,[60,63,66],{"date":61,"score":43,"percentile":62},"2026-06-18",0.45698,{"date":64,"score":43,"percentile":65},"2026-06-19",0.4569,{"date":57,"score":43,"percentile":58},[68],{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":69,"cvss_v4_0":75},{"baseScore":70,"baseSeverity":71,"vectorString":72,"impactScore":73,"exploitabilityScore":74},8.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",9.8,5.6,{"baseScore":45,"baseSeverity":76,"vectorString":48,"impactScore":9,"exploitabilityScore":9},"CRITICAL",[78,95],{"ecosystem":9,"name":79,"vendor":80,"product":81,"cpe_part":82,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":83},"NGINX Open 
Source","f5","nginx open source","a",[84,91],{"version":85,"is_range":86,"range_type":47,"version_start":87,"version_start_type":88,"version_end":89,"version_end_type":90,"fixed_in":9},">= 1.13.10, \u003C 1.31.2",true,"1.13.10","including","1.31.2","excluding",{"version":92,"is_range":86,"range_type":47,"version_start":93,"version_start_type":88,"version_end":94,"version_end_type":90,"fixed_in":9},">= 1.30.2, \u003C 1.30.3","1.30.2","1.30.3",{"ecosystem":9,"name":96,"vendor":80,"product":97,"cpe_part":82,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":98},"NGINX Plus","nginx plus",[99,103],{"version":100,"is_range":86,"range_type":47,"version_start":101,"version_start_type":88,"version_end":102,"version_end_type":90,"fixed_in":9},">= 37.0, \u003C 37.0.2.1","37.0","37.0.2.1",{"version":104,"is_range":86,"range_type":47,"version_start":105,"version_start_type":88,"version_end":106,"version_end_type":90,"fixed_in":9},">= R36, \u003C R36 P6","R36","R36 P6"]