Post
CRITICAL

F5 Patches Two Critical NGINX Open Source RCE Flaws

· rce · vulnerability · cve · appsec

F5 released security updates addressing two critical vulnerabilities in NGINX Open Source that could be exploited to achieve remote code execution. The most severe, CVE-2026-42530 (CVSS v4 score 9.2), is a use-after-free in the ngx_http_v3_module that can be triggered by a remote, unauthenticated attacker. Given the unauthenticated remote attack vector, organizations running NGINX Open Source should prioritize patching immediately.