CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-42530: Use-After-Free in NGINX HTTP/3 Module

June 25, 2026

A critical use-after-free vulnerability in NGINX Open Source's ngx_http_v3_module allows remote unauthenticated attackers to execute code via a crafted HTTP/3 session. CVSS v4 score 9.2.