Fedora 42 nginx-mod-modsecurity Patch for CVE-2026-1642 Data Injection

fedora

February 15, 2026

nginx-mod-fancyindex: Rebuild for 1.28.2 nginx-mod-headers-more: Rebuild for 1.28.2 nginx-mod-brotli:

Summary

The ModSecurity-nginx connector is the connection point between nginx and

libmodsecurity (ModSecurity v3). Said another way, this project provides a

communication channel between nginx and libmodsecurity. This connector is

required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module

simply serves as a layer of communication between nginx and ModSecurity

Update Information:

nginx-mod-fancyindex: Rebuild for 1.28.2 nginx-mod-headers-more: Rebuild for 1.28.2 nginx-mod-brotli: Rebuild for 1.28.2 nginx-mod-modsecurity: Rebuild for 1.28.2 nginx-mod-vts: Rebuild for 1.28.2 nginx-mod-naxsi: Rebuild for 1.28.2 nginx: Update to 1.28.2 fixes CVE-2026-1642 move log directory to nginx-filesystem subpackage (PR#20) delete Maxim Dounin's key, it's no longer listed on the nginx website

Topics Covered

security advisory fedora critical man-in-the-middle data injection nginx-mod-modsecurity

Change Log

* Wed Feb 4 2026 Felix Kaechele - 1.0.4-7 - Rebuild for 1.28.2 * Fri Jan 16 2026 Fedora Release Engineering - 1.0.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References

[ 1 ] Bug #2436870 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2436870

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0b8cc86e5b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: nginx-mod-modsecurity

Product: Fedora 42

Version: 1.0.4

Release: 7.fc42

URL: https://github.com/owasp-modsecurity/ModSecurity-nginx

Summary: ModSecurity v3 nginx connector

Topics Covered

security advisory fedora critical man-in-the-middle data injection nginx-mod-modsecurity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42 nginx-mod-modsecurity Patch for CVE-2026-1642 Data Injection

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42 nginx-mod-modsecurity Patch for CVE-2026-1642 Data Injection

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!