CVE-2026-42946: CWE-789: Memory Allocation with Excessive Size Value in F5 NGINX Plus
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI Analysis
Technical Summary
This vulnerability involves improper memory allocation handling in the ngx_http_scgi_module and ngx_http_uwsgi_module of F5 NGINX Plus (versions R32 and R36). When configured with scgi_pass or uwsgi_pass, an attacker capable of intercepting and modifying upstream server responses (MITM) may trigger excessive memory allocation or cause an over-read of the NGINX worker process memory. This can result in partial memory disclosure or cause the worker process to restart, impacting availability. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, high confidentiality impact, no integrity impact, and low availability impact. The vulnerability is tracked as CWE-789 (Memory Allocation with Excessive Size Value) and CWE-823 (Use of Out-of-bounds Pointer). There is no vendor advisory or patch available at this time, and the product is not a cloud service.
Potential Impact
An attacker with man-in-the-middle capability can exploit this vulnerability to read memory from the NGINX worker process or cause it to restart, potentially leading to information disclosure and temporary denial of service. The impact on confidentiality is high, while integrity is unaffected and availability impact is low.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider mitigating the risk by restricting network paths to prevent man-in-the-middle attacks on upstream server communications or disabling the affected modules if not in use. Monitor vendor channels for updates and apply patches promptly once available.
CVE-2026-42946: CWE-789: Memory Allocation with Excessive Size Value in F5 NGINX Plus
Description
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to read the memory of the NGINX worker process or restart it. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper memory allocation handling in the ngx_http_scgi_module and ngx_http_uwsgi_module of F5 NGINX Plus (versions R32 and R36). When configured with scgi_pass or uwsgi_pass, an attacker capable of intercepting and modifying upstream server responses (MITM) may trigger excessive memory allocation or cause an over-read of the NGINX worker process memory. This can result in partial memory disclosure or cause the worker process to restart, impacting availability. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, high confidentiality impact, no integrity impact, and low availability impact. The vulnerability is tracked as CWE-789 (Memory Allocation with Excessive Size Value) and CWE-823 (Use of Out-of-bounds Pointer). There is no vendor advisory or patch available at this time, and the product is not a cloud service.
Potential Impact
An attacker with man-in-the-middle capability can exploit this vulnerability to read memory from the NGINX worker process or cause it to restart, potentially leading to information disclosure and temporary denial of service. The impact on confidentiality is high, while integrity is unaffected and availability impact is low.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should consider mitigating the risk by restricting network paths to prevent man-in-the-middle attacks on upstream server communications or disabling the affected modules if not in use. Monitor vendor channels for updates and apply patches promptly once available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- f5
- Date Reserved
- 2026-04-30T23:04:27.965Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a049717cbff5d8610e00321
Added to database: 5/13/2026, 3:21:59 PM
Last enriched: 5/13/2026, 3:38:39 PM
Last updated: 5/14/2026, 6:48:21 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.