CVE-2026-60065 in NGINX Plus정보

요약

\~에 의해 MITRE • 2026. 07. 15.

When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.

Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!