CVE-2026-56434

Published Jul 15, 2026

Last updated 3 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-56434 is a use-after-free vulnerability found in the `ngx_http_ssi_module` of NGINX Plus and NGINX Open Source. This flaw specifically manifests when Server-Side Includes (SSI), `proxy_pass`, and `proxy_buffering off` directives are configured simultaneously. An unauthenticated attacker with man-in-the-middle (MITM) capabilities can exploit this vulnerability by controlling responses from an upstream server. This can trigger a use-after-free condition within the NGINX worker process, potentially leading to limited modification of memory contents or a restart of the NGINX worker process.

Description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a use-after-free in the NGINX worker process. This issue may lead to limited modification of memory or a restart of the NGINX worker process. Impact: This vulnerability may allow remote attackers to have limited control to modify memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source
f5sirt@f5.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
4.2
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity
MEDIUM

Weaknesses

f5sirt@f5.com
CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. nginx releases security updates (1.30.4 & 1.31.3): Fixes include: • CVE-2026-42533 – Buffer overflow • CVE-2026-60005 – Memory disclosure • CVE-2026-56434 – Use-after-free Update as soon as possible. #nginx #Vulnerability

    @ThreatByte

    17 Jul 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2026-42533, CVE-2026-60005 & CVE-2026-56434: F5 has disclosed three high-severity vulnerabilities affecting NGINX Plus and NGINX Open Source, potentially leading to memory corruption, worker crashes, or remote code execution. #CyberSecurity #CVE #NGINX #F5 #ThreatWi

    @ThreatWire_

    16 Jul 2026

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔴 NGINX kullanıcılarının dikkatine! F5, NGINX ve NGINX Plus'ı etkileyen 3 yüksek önem dereceli güvenlik açığını duyurdu. • CVE-2026-42533 – Heap Buffer Overflow • CVE-2026-60005 – Uninitialized Memory Disclosure • CVE-2026-56434 – Use-After-Free Etk

    @ridvanyagli

    16 Jul 2026

    197 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2026-56434: NGINX ngx_http_ssi_module vulnerability Critical Vulnerability Alert! Nginx is affected by CVE-2026-56434. Full Vulnerability Details & Analysis at DarkEye: 🔗 https://t.co/xdE1q0TbQ3 🔍 Identify Targets via ZoomEye: Filter: vul.cve="CVE-2026-5643

    @zoomeye_team

    16 Jul 2026

    4164 Impressions

    18 Retweets

    46 Likes

    22 Bookmarks

    2 Replies

    1 Quote

  5. NGINX release-1.30.4 patches CVE-2026-42533 Critical security vulnerabilities (CVE-2026-42533, CVE-2026-60005, CVE-2026-56434) fixed. Upgrade carefully. → https://t.co/aKovKRAYKK

    @ReleasePort

    16 Jul 2026

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. F5 patched the NGINX code execution flaw CVE-2026-42533, along with CVE-2026-60005 and CVE-2026-56434. Update NGINX Plus and Open Source builds now. #NGINX #CVE202642533 #CodeExecution #F5 #Vulnerability https://t.co/cds4Vr6BxO

    @Daily_CyberSec

    16 Jul 2026

    571 Impressions

    2 Retweets

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.