PT-2026-60187 · F5 · Nginx Plus

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-60065

CVSS v3.1

3.7

Baixa

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx stream mqtt filter module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.
Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-60065

Produtos afetados

Nginx Plus