Debian LTS Nginx Critical Remote Code Exec Denial of Service DLA-4660-1

June 30, 2026
Multiple vulnerabilities in Nginx can lead to remote code execution, denial of service, and memory disclosure. Upgrade recommended.
Multiple vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could result in remote code execution, denial of service or memory disclosu...

Summary

CVE-2026-42055

NGINX Open Source has a vulnerability in the ngx_http_proxy_v2_module and
ngx_http_grpc_module modules. This vulnerability exists when the
proxy_http_version directive is set to 2 or the grpc_pass directive is used
to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off,
and the large_client_header_buffers directive size is larger than 2
megabytes. A
remote, unauthenticated attacker, along with conditions beyond their
control, could send large headers while creating an upstream request. This
may cause a heap-based buffer overflow in the NGINX worker process leading
to a restart. Additionally, attackers can execute code on systems with
Address Space Layout Randomization (ASLR) disabled or when the attacker can
bypass ASLR.

CVE-2026-48142

NGINX Open Source has a vulnerability in the ngx_http_charset_module module.
When content is served or proxied through a location block with both

Read the Full Advisory


Severity: critical

Package: nginx
Version: 1.18.0-6.1+deb11u8
CVE ID: CVE-2026-42055 CVE-2026-48142
Debian Bug: 1138794 1140359 1140361
