{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1642", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2026-01-29T18:26:26.996Z", "datePublished": "2026-02-04T15:02:06.154Z", "dateUpdated": "2026-02-05T05:25:39.303Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "NGINX Open Source", "vendor": "F5", "versions": [{"changes": [{"at": "1.28.2", "status": "unaffected"}], "lessThan": "1.29.5", "status": "affected", "version": "1.3.0", "versionType": "semver"}]}, {"defaultStatus": "unknown", "product": "NGINX Plus", "vendor": "F5", "versions": [{"lessThan": "R36 P2", "status": "affected", "version": "R36", "versionType": "custom"}, {"lessThan": "R35 P1", "status": "affected", "version": "R35", "versionType": "custom"}, {"lessThan": "*", "status": "affected", "version": "R34", "versionType": "custom"}, {"lessThan": "*", "status": "affected", "version": "R33", "versionType": "custom"}, {"lessThan": "R32 P4", "status": "affected", "version": "R32", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "datePublic": "2026-02-04T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.&nbsp;&nbsp;</span></span>Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n</span><br>"}], "value": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-349", "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2026-02-04T15:02:06.154Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000159824"}], "source": {"discovery": "INTERNAL"}, "title": "NGINX vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T16:01:47.913148Z", "id": "CVE-2026-1642", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T16:02:24.781Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/05/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-05T05:25:39.303Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/05/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-05T05:25:39.303Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1642", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-04T16:01:47.913148Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T16:02:17.994Z"}}], "cna": {"title": "NGINX vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "F5"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "F5", "product": "NGINX Open Source", "versions": [{"status": "affected", "changes": [{"at": "1.28.2", "status": "unaffected"}], "version": "1.3.0", "lessThan": "1.29.5", "versionType": "semver"}], "defaultStatus": "unknown"}, {"vendor": "F5", "product": "NGINX Plus", "versions": [{"status": "affected", "version": "R36", "lessThan": "R36 P2", "versionType": "custom"}, {"status": "affected", "version": "R35", "lessThan": "R35 P1", "versionType": "custom"}, {"status": "affected", "version": "R34", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R33", "lessThan": "*", "versionType": "custom"}, {"status": "affected", "version": "R32", "lessThan": "R32 P4", "versionType": "custom"}], "defaultStatus": "unknown"}], "datePublic": "2026-02-04T15:00:00.000Z", "references": [{"url": "https://my.f5.com/manage/s/article/K000159824", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "F5 SIRTBot v1.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.&nbsp;&nbsp;</span></span>Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-349", "description": "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2026-02-04T15:02:06.154Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1642", "state": "PUBLISHED", "dateUpdated": "2026-02-05T05:25:39.303Z", "dateReserved": "2026-01-29T18:26:26.996Z", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "datePublished": "2026-02-04T15:02:06.154Z", "assignerShortName": "f5"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE3A85CC-50DD-4BE7-A8BF-F2AA2744FCDB", "versionEndIncluding": "1.6.2", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "95483FC6-1850-4C56-95C6-D65AEF39C5E4", "versionEndExcluding": "2.4.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "53459EB1-5EAE-4F38-86CC-303408A91124", "versionEndIncluding": "3.7.2", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73A1CDBB-49F6-4AB6-AA67-542FD8017D6A", "versionEndIncluding": "4.0.1", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "48DC8DC2-497F-48F9-A68B-8EA8DAA507E0", "versionEndExcluding": "5.3.3", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "05880D9D-7C68-42A8-9374-8BF4E6403757", "versionEndIncluding": "2.21.0", "versionStartIncluding": "2.15.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "156F74E8-589F-43FC-AD64-74E2BFD11A62", "versionEndExcluding": "1.28.2", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "matchCriteriaId": "6205FEE4-C23C-4FBA-953D-35E8B8644D64", "versionEndExcluding": "1.29.5", "versionStartIncluding": "1.29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7600A88-7651-4D8E-A04A-3AA81C850CC5", "versionEndExcluding": "r35", "versionStartIncluding": "r33", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*", "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*", "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*", "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*", "matchCriteriaId": "FB0B11F2-4748-492B-9906-F8C4C5EAFF12", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*", "matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*", "matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*", "matchCriteriaId": "6A25B9CF-02C0-42DE-9C70-F2AD3ACE3CEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*", "matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*", "matchCriteriaId": "A977BF9F-D165-4B93-B4D2-A177883A5E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*", "matchCriteriaId": "5D5FFD66-35C3-41AD-BD77-510E34A3AC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*", "matchCriteriaId": "E7E5F940-048A-446F-9A1E-074612CEA1AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*", "matchCriteriaId": "7993A0FB-BE7E-4634-BF7F-FDEE3582D3E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker's control\u2014may be able to inject plain text data into the response from an upstream proxied server.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "id": "CVE-2026-1642", "lastModified": "2026-02-13T21:35:01.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "f5sirt@f5.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f5sirt@f5.com", "type": "Secondary"}]}, "published": "2026-02-04T15:16:14.190", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://my.f5.com/manage/s/article/K000159824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/02/05/1"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-349"}], "source": "f5sirt@f5.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections", "id": "2436738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-349", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-1642", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "nginx", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx:1.24/nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nginx:1.26/nginx", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:insights_proxy:1", "fix_state": "Affected", "package_name": "insights-proxy/insights-proxy-container-rhel9", "product_name": "Red Hat Lightspeed proxy 1"}], "public_date": "2026-02-04T15:02:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-1642\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-1642\nhttps://my.f5.com/manage/s/article/K000159824"], "threat_severity": "Moderate"}

{"created": "2026-02-04T21:17:45.794163+00:00", "updated": "2026-02-04T21:17:45.794197+00:00", "vendors": ["f5", "f5$PRODUCT$nginx_open_source", "f5$PRODUCT$nginx_plus"]}