cvedb.io
CVE-2026-42934
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2026-05-13T16:16:49.910 · Last modified 2026-06-18T14:07:22.880

Summary

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected products

f5 — dos

Does this affect you?

Add your gear to cvedb and we'll alert you only when f5 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.