
Ubuntu Nginx Important Denial of Service Issues USN-8354-1 CVE-2026-40460

June 1, 2026
Multiple security issues addressed in nginx for Ubuntu affecting various releases. Updates are strongly recommended.

Summary

Several security issues were fixed in nginx.

Software Description:

- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker could possibly use this issue to bypass authorization checks or rate limiting. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-40460)

It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701)

It was discovered that nginx did not properly handle certain proxied responses in the ngx_http_charset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  nginx                           1.28.3-2ubuntu1.2
  nginx-core                      1.28.3-2ubuntu1.2
  nginx-extras                    1.28.3-2ubuntu1.2
  nginx-full                      1.28.3-2ubuntu1.2
  nginx-light                     1.28.3-2ubuntu1.2

Ubuntu 25.10
  nginx                           1.28.0-6ubuntu1.4
  nginx-core                      1.28.0-6ubuntu1.4
  nginx-extras                    1.28.0-6ubuntu1.4
  nginx-full                      1.28.0-6ubuntu1.4
  nginx-light                     1.28.0-6ubuntu1.4

Ubuntu 24.04 LTS
  nginx                           1.24.0-2ubuntu7.9
  nginx-core                      1.24.0-2ubuntu7.9
  nginx-extras                    1.24.0-2ubuntu7.9
  nginx-full                      1.24.0-2ubuntu7.9
  nginx-light                     1.24.0-2ubuntu7.9

Ubuntu 22.04 LTS
  nginx                           1.18.0-6ubuntu14.12
  nginx-core                      1.18.0-6ubuntu14.12
  nginx-extras                    1.18.0-6ubuntu14.12
  nginx-full                      1.18.0-6ubuntu14.12
  nginx-light                     1.18.0-6ubuntu14.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8354-1

CVE-2026-40460, CVE-2026-40701, CVE-2026-42934, CVE-2026-42946, CVE-2026-9256

Severity
important

Ubuntu Security Notice USN-8354-1
