CVE-2026-1642
Unknown Unknown - Not Provided
TLS Proxy Injection Vulnerability in NGINX OSS and Plus

Publication date: 2026-02-04

Last updated on: 2026-02-13

Assigner: F5 Networks

Description
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server sideβ€”along with conditions beyond the attacker's controlβ€”may be able to inject plain text data into the response from an upstream proxied server.Β Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-13
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-1642
EUVD
EUVD-2026-5498
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
f5 nginx_plus r32
f5 nginx_plus r32
f5 nginx_plus r32
f5 nginx_plus r33
f5 nginx_plus r33
f5 nginx_plus r34
f5 nginx_gateway_fabric From 1.2.0 (inc) to 1.6.2 (inc)
f5 nginx_ingress_controller From 3.4.0 (inc) to 3.7.2 (inc)
f5 nginx_ingress_controller From 4.0.0 (inc) to 4.0.1 (inc)
f5 nginx_instance_manager From 2.15.1 (inc) to 2.21.0 (inc)
f5 nginx_open_source From 1.29.0 (inc) to 1.29.5 (exc)
f5 nginx_open_source From 1.3.0 (inc) to 1.28.2 (exc)
f5 nginx_plus r32
f5 nginx_plus r33
f5 nginx_plus r34
f5 nginx_plus r35
f5 nginx_plus r36
f5 nginx_plus r36
f5 nginx_gateway_fabric From 2.0.0 (inc) to 2.4.1 (exc)
f5 nginx_ingress_controller From 5.0.0 (inc) to 5.3.3 (exc)
f5 nginx_plus From r33 (inc) to r35 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-349 The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in NGINX OSS and NGINX Plus when they are configured to proxy to upstream Transport Layer Security (TLS) servers.

An attacker who is in a man-in-the-middle (MITM) position on the upstream server side, and under certain conditions beyond the attacker's control, may be able to inject plain text data into the response from the upstream proxied server.


How can this vulnerability impact me? :

The vulnerability can allow an attacker positioned as a man-in-the-middle on the upstream server side to inject plain text data into responses from the proxied server.

This could lead to integrity issues where the data received by clients is altered without their knowledge.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart