CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000159824	Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/02/05/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:nginx_gateway_fabric::::::::
	cpe:2.3:a:f5:nginx_gateway_fabric::::::::
	cpe:2.3:a:f5:nginx_ingress_controller::::::::
	cpe:2.3:a:f5:nginx_ingress_controller::::::::
	cpe:2.3:a:f5:nginx_ingress_controller::::::::
	cpe:2.3:a:f5:nginx_instance_manager::::::::
	cpe:2.3:a:f5:nginx_open_source::::::::
	cpe:2.3:a:f5:nginx_open_source::::::::
	cpe:2.3:a:f5:nginx_plus::::::::
	cpe:2.3:a:f5:nginx_plus:r32:-::::::
	cpe:2.3:a:f5:nginx_plus:r32:p1::::::
	cpe:2.3:a:f5:nginx_plus:r32:p2::::::
	cpe:2.3:a:f5:nginx_plus:r32:p3::::::
	cpe:2.3:a:f5:nginx_plus:r33:p1::::::
	cpe:2.3:a:f5:nginx_plus:r33:p2::::::
	cpe:2.3:a:f5:nginx_plus:r33:p3::::::
	cpe:2.3:a:f5:nginx_plus:r34:p1::::::
	cpe:2.3:a:f5:nginx_plus:r34:p2::::::
	cpe:2.3:a:f5:nginx_plus:r35:-::::::
	cpe:2.3:a:f5:nginx_plus:r36:-::::::
	cpe:2.3:a:f5:nginx_plus:r36:p1::::::

History

No history.

Information

Published : 2026-02-04 15:16

Updated : 2026-02-13 21:35

NVD link : CVE-2026-1642

Mitre link : CVE-2026-1642

CVE.ORG link : CVE-2026-1642

JSON object : View

Products Affected

f5

nginx_instance_manager
nginx_gateway_fabric
nginx_ingress_controller
nginx_plus
nginx_open_source

CWE

CWE-349

Acceptance of Extraneous Untrusted Data With Trusted Data

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2026-1642", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-04T15:16:14.190", "references": [{"url": "https://my.f5.com/manage/s/article/K000159824", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "http://www.openwall.com/lists/oss-security/2026/02/05/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-349"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "Una vulnerabilidad existe en NGINX OSS y NGINX Plus cuando est\u00e1 configurado para actuar como proxy hacia servidores upstream de Transport Layer Security (TLS). Un atacante con una posici\u00f3n de man-in-the-middle (MitM) en el lado del servidor upstream \u2014junto con condiciones fuera del control del atacante\u2014 podr\u00eda ser capaz de inyectar datos en texto plano en la respuesta de un servidor proxy upstream. Nota: Las versiones de software que han alcanzado el Fin del Soporte T\u00e9cnico (EoTS) no son evaluadas."}], "lastModified": "2026-02-13T21:35:01.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE3A85CC-50DD-4BE7-A8BF-F2AA2744FCDB", "versionEndIncluding": "1.6.2", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95483FC6-1850-4C56-95C6-D65AEF39C5E4", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53459EB1-5EAE-4F38-86CC-303408A91124", "versionEndIncluding": "3.7.2", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73A1CDBB-49F6-4AB6-AA67-542FD8017D6A", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48DC8DC2-497F-48F9-A68B-8EA8DAA507E0", "versionEndExcluding": "5.3.3", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05880D9D-7C68-42A8-9374-8BF4E6403757", "versionEndIncluding": "2.21.0", "versionStartIncluding": "2.15.1"}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "156F74E8-589F-43FC-AD64-74E2BFD11A62", "versionEndExcluding": "1.28.2", "versionStartIncluding": "1.3.0"}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6205FEE4-C23C-4FBA-953D-35E8B8644D64", "versionEndExcluding": "1.29.5", "versionStartIncluding": "1.29.0"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7600A88-7651-4D8E-A04A-3AA81C850CC5", "versionEndExcluding": "r35", "versionStartIncluding": "r33"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A25B9CF-02C0-42DE-9C70-F2AD3ACE3CEB"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A977BF9F-D165-4B93-B4D2-A177883A5E75"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D5FFD66-35C3-41AD-BD77-510E34A3AC6F"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E5F940-048A-446F-9A1E-074612CEA1AC"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}