All CosmicBytez Labs articles tagged #NGINX, across news, security advisories, how-to guides, and projects.
A vulnerability in NGINX Plus and NGINX Open Source allows map directives using regex matching with capture variables to trigger memory corruption when the capture variable is referenced before the map output variable.
F5 has released emergency security updates for two critical vulnerabilities in NGINX Open Source, including a CVSS 9.2 use-after-free flaw in the HTTP/3...
A heap buffer overflow in NGINX's rewrite module is under active exploitation, days after disclosure. The CVSS 9.2 flaw impacts both NGINX Plus and Open...
A proof-of-concept exploit has been released for a critical-severity NGINX vulnerability that has existed in the rewrite module for nearly two decades....
Researchers have disclosed multiple critical vulnerabilities in NGINX Plus and NGINX Open Source, including a heap buffer overflow in...
An autonomous scanning system has uncovered an 18-year-old flaw in the NGINX open-source web server that can be exploited for denial of service and, under...
A critical authentication bypass vulnerability in nginx-ui, a popular open-source web-based Nginx management interface, is being actively exploited to...
Deploy CrowdSec on a Linux server to get community-powered intrusion prevention — block brute-force attacks, credential stuffing, and vulnerability...
When ngx_mail_auth_http_module is enabled with CRAM-MD5 or APOP authentication and the backend permits Auth-Wait retries, undisclosed requests can crash...
CVE-2026-1642 affects NGINX OSS and Plus when proxying to upstream TLS servers, allowing attackers to inject plaintext data into responses.