Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:4235

Опубликовано: 12 мар. 2026
Источник: rocky
Оценка: Moderate

Описание

Moderate: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
nginxx86_642.module+el9.7.0+40103+2443f6d1nginx-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-all-modulesnoarch2.module+el9.7.0+40103+2443f6d1nginx-all-modules-1.26.3-2.module+el9.7.0+40103+2443f6d1.noarch.rpm
nginx-corex86_642.module+el9.7.0+40103+2443f6d1nginx-core-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-filesystemnoarch2.module+el9.7.0+40103+2443f6d1nginx-filesystem-1.26.3-2.module+el9.7.0+40103+2443f6d1.noarch.rpm
nginx-mod-develx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-devel-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-mod-http-image-filterx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-http-image-filter-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-mod-http-perlx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-http-perl-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-mod-http-xslt-filterx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-http-xslt-filter-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-mod-mailx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-mail-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm
nginx-mod-streamx86_642.module+el9.7.0+40103+2443f6d1nginx-mod-stream-1.26.3-2.module+el9.7.0+40103+2443f6d1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2026-1642

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2026-1642

CVSS3: 5.9
ubuntu
около 2 месяцев назад

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

redhat логотип

CVE-2026-1642

CVSS3: 5.9
redhat
около 2 месяцев назад

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

nvd логотип

CVE-2026-1642

CVSS3: 5.9
nvd
около 2 месяцев назад

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

debian логотип

CVE-2026-1642

CVSS3: 5.9
debian
около 2 месяцев назад

A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...

redos логотип

ROS-20260310-73-0051

CVSS3: 7.5
redos
16 дней назад

Уязвимость angie