UBUNTU-CVE-2026-48142

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2026-48142

Published: 19 Jun 2026, 00:00

Last modified:19 Jun 2026, 18:00

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 Jun 2026, 00:00

Published

Vulnerability first disclosed

19 Jun 2026, 18:00

Last Modified

Vulnerability information updated

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Systems

ubuntu•nginx
all | all | all | all | all

UBUNTU-CVE-2026-48142

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)