CVE-2026-42926
MediumCVSS 5.8Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
A vulnerability in NGINX Open Source allows an attacker to inject frame headers and payload bytes to the upstream peer when configured to proxy HTTP/2 and using proxy_set_body.
Risk Assessment
This could lead to unauthorized access to data or manipulation of communication between servers.
Recommendation
It is recommended to avoid using proxy_set_body in HTTP/2 proxy configurations or to upgrade to versions that are not under EoTS.
Original NVD description (English source)
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

