CVE-2026-1642: A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a…

high8.2CVSS 4.0

AVNACLATPPRNUINVCNVIHVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	nginx	< nginx 1.22.1-9+deb12u4 (bookworm)	nginx 1.22.1-9+deb12u4 (bookworm)
f5	nginx	>= 0 < 1.22.1-9+deb12u4	1.22.1-9+deb12u4
f5	nginx	>= 0 < 1.26.3-3+deb13u2	1.26.3-3+deb13u2
f5	nginx	>= 0 < 1.28.1-3	1.28.1-3
f5	nginx_gateway_fabric	—	—
f5	nginx_gateway_fabric	1.2.0 – 1.6.2	—
f5	nginx_gateway_fabric	>= 2.0.0 < 2.4.1	2.4.1
f5	nginx_ingress_controller	—	—
f5	nginx_ingress_controller	3.4.0 – 3.7.2	—
f5	nginx_ingress_controller	4.0.0 – 4.0.1	—
f5	nginx_ingress_controller	>= 5.0.0 < 5.3.3	5.3.3
f5	nginx_instance_manager	—	—
f5	nginx_instance_manager	2.15.1 – 2.21.0	—
f5	nginx_open_source	—	—
f5	nginx_open_source	>= 1.29.0 < 1.29.5	1.29.5
f5	nginx_open_source	>= 1.3.0 < 1.29.5	1.29.5
f5	nginx_open_source	>= 1.3.0 < 1.28.2	1.28.2
f5	nginx_plus	—	—
f5	nginx_plus	—	—
f5	nginx_plus	—	—
f5	nginx_plus	—	—
f5	nginx_plus	—	—
f5	nginx_plus	—	—
f5	nginx_plus	>= R32 < R32 P4	R32 P4
f5	nginx_plus	>= R33 < *	*

CVSS provenance

nvdv4.08.2HIGHCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

osv8.2HIGH