Nginx Server: Man-in-the-middle Attack Possible on Encrypted Connections

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Nginx Server: Man-in-the-middle Attack Possible on Encrypted Connections

ALSA-2026:3638

Summary

A security update is available for Nginx, a popular web and proxy server. This update fixes a vulnerability that could allow an attacker to inject data into encrypted connections, potentially allowing them to intercept sensitive information. We recommend updating to the latest version of Nginx to ensure the security of your web server.

What to do

Update almalinux nginx to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-all-modules to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-core to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-filesystem to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-devel to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-http-image-filter to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-http-perl to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-http-xslt-filter to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-mail to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.
Update almalinux nginx-mod-stream to version 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1.

Affected software

Vendor	Product	Affected versions	Fix available
almalinux	nginx	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-all-modules	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-core	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-filesystem	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-devel	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-http-image-filter	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-http-perl	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-http-xslt-filter	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-mail	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1
almalinux	nginx-mod-stream	<= 1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1	1:1.24.0-5.module_el9.7.0+212+9d3c155a.1.alma.1

Original title

Moderate: nginx:1.24 security update

Original description

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://access.redhat.com/errata/RHSA-2026:3638 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-1642 Third Party Advisory
https://bugzilla.redhat.com/2436738 Third Party Advisory
https://errata.almalinux.org/9/ALSA-2026-3638.html Vendor Advisory

Published: 3 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026