Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

Ubuntu 26.04 LTS njs Critical Heap Overflow Risk USN-8425-1

ubuntu
Calendar Grey June 17, 2026
Scroller Ubuntu Esm H88
A critical flaw in njs may lead to denial of service or arbitrary code execution on Ubuntu 26.04 LTS. Update recommended.
njs could be made to crash or run programs if it received a specially crafted input.

Summary

njs could be made to crash or run programs if it received a specially

crafted input.

Software Description:

- libnginx-mod-js: A subset of JavaScript language to use in nginx

Details:

It was discovered that njs did not properly handle certain client-

controlled variables when processing ngx.fetch() requests. An attacker

could possibly use this issue to trigger a heap buffer overflow, resulting

in arbitrary code execution or a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libnginx-mod-http-js            0.9.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libnginx-mod-stream-js          0.9.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  njs                             0.9.4-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8425-1

CVE-2026-8711

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8425-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.