CVE-2026-1642 – F5 NGINX OSS Denial of Service Vulnerability
“A specially crafted request can overwhelm the web server and bring critical applications to a halt.”
This patch addresses a medium-severity vulnerability (CVE-2026-1642) affecting F5 NGINX Open Source (OSS). The issue exists in how NGINX processes certain malformed HTTP requests. Improper request handling can allow attackers to send specially crafted traffic that forces the server to consume excessive resources.
Successful exploitation may allow an attacker to trigger a Denial of Service (DoS) condition, causing the server to use excessive CPU or memory resources. This can result in temporary disruption of web applications and services running on affected NGINX servers. CVE-2026-1642 carries a CVSS v3.1 score of 5.9 (Medium).
F5 addressed the issue through updates to NGINX Open Source, improving request handling and resource management when processing malformed inputs. Systems running vulnerable versions remain at risk of service disruption until the patched version is deployed.
Key Details
- Affected Product: F5 Nginx Gateway Fabric
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-349