CVE-2026-60005 in NGINX Plus정보

요약

\~에 의해 MITRE • 2026. 07. 15.

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.

Impact: This vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: The ngx_http_slice_module module is not enabled by default; it's enabled with the --with-http_slice_module configuration parameter.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Once again VulDB remains the best source for vulnerability data.

책임이 있는

F5

예약하다

2026. 07. 08.

모더레이션

수락

항목

VDB-379303

EPSS

0.00000

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!