CVE Tools
Back to feed
SecurityWeek ·EN-US News source Patch releasedNGINX PlusNGINX Open SourceBIG-IP

F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

By Ionut Arghire··2 min read
CVE Tools coverage

F5 has issued an urgent security update addressing eight vulnerabilities affecting its NGINX and BIG-IP products. Among them is CVE-2026-42533, a critical heap buffer overflow flaw with a CVSS score of 9.2 that could allow attackers to restart the NGINX worker process or execute code under specific conditions. The vulnerabilities span both open-source and enterprise offerings, including NGINX Plus, NGINX Open Source, and BIG-IP. These issues range from potential memory leaks and denial-of-service risks to unauthorized configuration changes. While no evidence of real-world exploitation was reported, users are strongly advised to apply the available patches immediately.