CVE-2026-27654 – NGINX

CVSS 8.2 IMPORTANT

“A high-severity gap in NGINX exposes critical web infrastructure to avoidable risk.”

This patch addresses CVE-2026-27654 in F5’s NGINX Open Source. The vulnerability introduces a high-impact weakness in a widely deployed web server component, potentially affecting availability or security of hosted applications. The CVSS score is 8.2, which is High severity, signaling a serious threat to exposed systems.

There is no verified evidence of real-world exploitation or proof-of-concept code at this time. However, the severity level alone warrants prompt attention, especially given NGINX’s role in front-end infrastructure. Applying the patch reduces the risk of service disruption or compromise.

Key Details

Affected Product
F5 Nginx Plus
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-122
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.