CVE-2026-42530: NGINX Open Source

What is CVE-2026-42530?

Use-after-free RCE; CVSS 9.2; patched

CVSSawaiting NVD

ExploitationNo exploitation reported

EPSS1% · P50

Triage statusUnder Review

ActionSchedule for next cycle

Affected product

NGINX Open Source

Remediation Steps

Update NGINX Open Source to the patched version released by F5
Disable or restrict access to the ngx_http_v3_module if not required
Monitor for signs of exploitation or anomalous traffic patterns
Review access logs for suspicious remote requests to affected NGINX instances

References

https://nvd.nist.gov/vuln/detail/CVE-2026-42530
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Coverage on defend.network

Vulnerability Priority Report – Week 3 of June 2026 (June 15 – 21)
NGINX RCE, Windows crypto-stealer, Salesforce breaches, INC ransomware surge (2026-06-19)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-42530?

Affected product

Remediation Steps

References

Coverage on defend.network

Get Critical CVE Alerts