← Back

CVE-2026-48142

nvd nist
Published: Jun 17, 2026Modified: Jun 22, 2026

JSON object

Loading...
6.3
Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: f5sirt@f5.com (Secondary)

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both source_charset utf-8; and a charset directive (for example, charset koi8-r;) configured, remote, unauthenticated attackers can send requests (in conjunction with conditions beyond their control) to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (15)

7 products
Dos
Nginx Gateway Fabric
Nginx Ingress Controller
Nginx Instance Manager
Nginx Open Source
Nginx Plus
Waf
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
F5
From 4.3.0 to 4.7.0
Version 4.9.0
F5
From 1.3.0 to 1.6.2
From 2.0.0 to 2.6.3
F5
From 3.5.0 to 3.7.2
From 4.0.0 to 4.0.1
From 5.0.0 to 5.5.0
From 2.17.0 to 2.22.0
F5
From 1.0.0 to 1.30.2
From 1.31.0 to 1.31.1
F5
From 37.0.0 to 37.0.1
From r33 to r36
F5
From 4.10.0 to 4.16.0
From 5.2.0 to 5.8.0
From 5.9.0 to 5.13.1

References (1)

Source: f5sirt@f5.com
Vendor Advisory

Timeline

No history available yet.