Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uy9d-zu9s-6yh3
Vulnerability ID VCID-uy9d-zu9s-6yh3
Aliases CVE-2026-42945
Summary nginx: NGINX: Arbitrary Code Execution Vulnerability
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-131 Incorrect Calculation of Buffer Size
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json
epss 0.00897 https://api.first.org/data/v1/epss?cve=CVE-2026-42945
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.1 https://my.f5.com/manage/s/article/K000161019
cvssv4 9.2 https://my.f5.com/manage/s/article/K000161019
ssvc Track https://my.f5.com/manage/s/article/K000161019
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json
https://api.first.org/data/v1/epss?cve=CVE-2026-42945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42945
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2477116 https://bugzilla.redhat.com/show_bug.cgi?id=2477116
CVE-2026-42945 https://nvd.nist.gov/vuln/detail/CVE-2026-42945
K000161019 https://my.f5.com/manage/s/article/K000161019
RHSA-2026:17417 https://access.redhat.com/errata/RHSA-2026:17417
RHSA-2026:17751 https://access.redhat.com/errata/RHSA-2026:17751
RHSA-2026:17752 https://access.redhat.com/errata/RHSA-2026:17752
RHSA-2026:17753 https://access.redhat.com/errata/RHSA-2026:17753
RHSA-2026:17790 https://access.redhat.com/errata/RHSA-2026:17790
RHSA-2026:17791 https://access.redhat.com/errata/RHSA-2026:17791
RHSA-2026:17792 https://access.redhat.com/errata/RHSA-2026:17792
RHSA-2026:17793 https://access.redhat.com/errata/RHSA-2026:17793
RHSA-2026:17794 https://access.redhat.com/errata/RHSA-2026:17794
RHSA-2026:18029 https://access.redhat.com/errata/RHSA-2026:18029
RHSA-2026:18041 https://access.redhat.com/errata/RHSA-2026:18041
RHSA-2026:18063 https://access.redhat.com/errata/RHSA-2026:18063
RHSA-2026:19159 https://access.redhat.com/errata/RHSA-2026:19159
RHSA-2026:19371 https://access.redhat.com/errata/RHSA-2026:19371
RHSA-2026:19372 https://access.redhat.com/errata/RHSA-2026:19372
RHSA-2026:19374 https://access.redhat.com/errata/RHSA-2026:19374
RHSA-2026:20442 https://access.redhat.com/errata/RHSA-2026:20442
RHSA-2026:20444 https://access.redhat.com/errata/RHSA-2026:20444
RHSA-2026:21275 https://access.redhat.com/errata/RHSA-2026:21275
USN-8271-1 https://usn.ubuntu.com/8271-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://my.f5.com/manage/s/article/K000161019
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://my.f5.com/manage/s/article/K000161019
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:55:27Z/ Found at https://my.f5.com/manage/s/article/K000161019
Exploit Prediction Scoring System (EPSS)
Percentile 0.75963
EPSS Score 0.00897
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:39:24.665656+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42945.json 38.6.0