CVE-2026-60065 in NGINX Plusthông tin

Tóm tắt

Bởi MITRE • 15/07/2026

When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.

Impact: This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

chịu trách nhiệm

F5

Đặt trước

08/07/2026

Tiết lộ

15/07/2026

Kiểm duyệt

được chấp nhận

EPSS

0.00000

KEV

không

Các hoạt động

rất thấp

Nguồn

Might our Artificial Intelligence support you?

Check our Alexa App!