CVE-2026-8711P2CRITICALCVSS 9.8≥ 0.9.4, < 0.9.92026-05-19
CVE-2026-8711 [CRITICAL] CWE-122 CVE-2026-8711: NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least o
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This ma
nvd