CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-42055: Heap Buffer Overflow in NGINX HTTP/2 Proxy and gRPC Modules

June 25, 2026

A critical heap-based buffer overflow in NGINX Open Source and NGINX Plus allows remote unauthenticated attackers to execute code when proxying HTTP/2 traffic under specific configurations. CVSS v4 score 9.2.