CVE-2026-42934: CWE-125 Out-of-bounds Read in F5 NGINX Plus
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-42934) involves an out-of-bounds read (CWE-125) in the ngx_http_charset_module of NGINX Plus and NGINX Open Source. When the charset-related directives and proxy_pass with buffering off are configured, crafted requests can trigger a heap buffer over-read in the worker process. This may result in limited disclosure of memory contents or cause the NGINX process to restart. The issue affects specific versions (R32, R36) and does not require authentication to exploit. The CVSS 3.1 base score is 4.8, indicating medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality and availability impact.
Potential Impact
Successful exploitation can lead to limited disclosure of memory contents or cause the NGINX worker process to restart, potentially disrupting service availability. There is no indication of integrity impact or privilege escalation. The vulnerability does not require authentication and can be triggered remotely over the network.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider avoiding configurations that combine charset, source_charset, charset_map directives with proxy_pass and disabled buffering. Monitor vendor communications for updates on patches or workarounds.
CVE-2026-42934: CWE-125 Out-of-bounds Read in F5 NGINX Plus
Description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-42934) involves an out-of-bounds read (CWE-125) in the ngx_http_charset_module of NGINX Plus and NGINX Open Source. When the charset-related directives and proxy_pass with buffering off are configured, crafted requests can trigger a heap buffer over-read in the worker process. This may result in limited disclosure of memory contents or cause the NGINX process to restart. The issue affects specific versions (R32, R36) and does not require authentication to exploit. The CVSS 3.1 base score is 4.8, indicating medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality and availability impact.
Potential Impact
Successful exploitation can lead to limited disclosure of memory contents or cause the NGINX worker process to restart, potentially disrupting service availability. There is no indication of integrity impact or privilege escalation. The vulnerability does not require authentication and can be triggered remotely over the network.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider avoiding configurations that combine charset, source_charset, charset_map directives with proxy_pass and disabled buffering. Monitor vendor communications for updates on patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- f5
- Date Reserved
- 2026-04-30T23:04:27.960Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a049717cbff5d8610e00318
Added to database: 5/13/2026, 3:21:59 PM
Last enriched: 5/13/2026, 3:38:53 PM
Last updated: 5/14/2026, 6:46:33 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.