CVE Catalog

CVE-2026-42926

MediumCVSS 5.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile - higher than 24% of all known CVEs

Summary

A vulnerability in NGINX Open Source allows an attacker to inject frame headers and payload bytes to the upstream peer when configured to proxy HTTP/2 and using proxy_set_body.

Risk Assessment

This could lead to unauthorized access to data or manipulation of communication between servers.

Recommendation

It is recommended to avoid using proxy_set_body in HTTP/2 proxy configurations or to upgrade to versions that are not under EoTS.

Original NVD description (English source)

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS