Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
Nginx Server May Allow Attackers to Inject Data into Your Website
RLSA-2026:5581
Summary
A security update is available for the Nginx server software. This update fixes a vulnerability that could allow an attacker to inject malicious data into your website if they intercept your internet traffic. To stay safe, update your Nginx server to the latest version as soon as possible.
What to do
- Update nginx to version 1:1.24.0-2.module+el8.10.0+40137+188e04f4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | nginx | <= 1:1.24.0-2.module+el8.10.0+40137+188e04f4 | 1:1.24.0-2.module+el8.10.0+40137+188e04f4 |
Original title
Moderate: nginx:1.24 security update
Original description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
osv CVSS3.1
5.9
- https://errata.rockylinux.org/RLSA-2026:5581 Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2436738 Third Party Advisory
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026