CVE-2026-60065 in NGINX Plusinformação

Sumário

de MITRE • 15/07/2026

When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.

Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsável

F5

Reservar

08/07/2026

Divulgação

15/07/2026

Moderação

aceite

Entrada

VDB-379280

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!