CRITICAL
F5 Patches Two Critical NGINX Open Source RCE Flaws
F5 released security updates addressing two critical vulnerabilities in NGINX Open Source that could be exploited to achieve remote code execution. The most severe, CVE-2026-42530 (CVSS v4 score 9.2), is a use-after-free in the ngx_http_v3_module that can be triggered by a remote, unauthenticated attacker. Given the unauthenticated remote attack vector, organizations running NGINX Open Source should prioritize patching immediately.