PT-2026-41939 · Nginx+1 · Nginx Javascript+1
Published
2026-05-19
·
Updated
2026-06-29
·
CVE-2026-8711
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NGINX JavaScript (affected versions not specified)
Description
An issue exists when the 'js fetch proxy' directive is configured with at least one client-controlled NGINX variable, such as
$http *, $arg *, or $cookie *, and a location invokes the ngx.fetch() function. An unauthenticated remote attacker can exploit this by sending crafted HTTP requests, triggering a heap buffer overflow in the NGINX worker process. This can lead to a process restart or potential remote code execution on systems where Address Space Layout Randomization (ASLR)—a security technique that randomly arranges the address space positions of key data areas of a process—is disabled or bypassed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Review 'js fetch proxy' configurations and avoid passing untrusted variables to the directive.
As a temporary mitigation, restrict the use of the
ngx.fetch() function in locations where client-controlled variables are used in the 'js fetch proxy' configuration.RCE
DoS
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nginx Javascript
Red Os