NGINX ngx_http_scgi_module and ngx_http_uwsgi_module Excessive Memory Allocation and Over-read Vulnerability

Vulnerability

A vulnerability in the NGINX ngx_http_scgi_module and ngx_http_uwsgi_module can lead to excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is set up, an unauthenticated attacker with man-in-the-middle capabilities to manipulate upstream server responses may exploit this vulnerability to read the memory of the NGINX worker process or to restart it.

Impact

Exploitation of this vulnerability could allow an attacker to read the memory of the NGINX worker process or to restart the process, potentially disrupting service.

Remediation

Users can upgrade to NGINX versions 1.31.0, 1.30.1, or NGINX Plus versions 36 P4 or 32 P6. For NGINX Instance Manager, versions 2.21.2 and 2.16.1 are recommended. F5 WAF for NGINX users should upgrade to version 5.12.1, while NGINX App Protect WAF users should move to version 5.8.0. NGINX Ingress Controller users can upgrade to version 5.4.3.
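
To triage a host against this advisory, the following added example (not part of the original advisory or of any NGINX tooling) scans an "nginx -T" configuration dump for active scgi_pass or uwsgi_pass directives and compares the "nginx -v" version line with the fixed open source releases listed above. Assumptions: any open source version older than 1.30.1 is treated as needing the upgrade, each directive and its target sit on one line, and the function names and sample configuration are constructed for illustration.

```python
import re

FIXED_MIN = (1, 30, 1)  # advisory lists 1.30.1 and 1.31.0 as fixed releases
FILE_MARK = re.compile(r"^# configuration file (\S+):\s*$")
PASS_RE = re.compile(r"(?<![^\s;{}])(scgi_pass|uwsgi_pass)\s+([^;]+);")

# Constructed sample of `nginx -T` output (not taken from a real host).
SAMPLE_DUMP = """\
# configuration file /etc/nginx/nginx.conf:
http { server {
    location /app { include uwsgi_params; uwsgi_pass unix:/run/app.sock; }
    # scgi_pass 127.0.0.1:4000;
    location /legacy { scgi_pass 10.0.0.5:4000; } # old backend
} }
"""

def strip_comment(line):
    """Cut a '#' comment; a '#' inside quotes or mid-token is kept."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote and line[i - 1] != "\\":
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or line[i - 1] in " \t;{}"):
            return line[:i]
    return line

def find_upstream_pass(dump):
    """Return (file, line_no, directive, target) for each active directive."""
    hits, path, line_no = [], "<stdin>", 0
    for raw in dump.splitlines():
        mark = FILE_MARK.match(raw)
        if mark:  # `nginx -T` prints this marker before each included file
            path, line_no = mark.group(1), 0
            continue
        line_no += 1
        for m in PASS_RE.finditer(strip_comment(raw)):
            hits.append((path, line_no, m.group(1), m.group(2).strip()))
    return hits

def assess(version_line, dump):
    """Classify a host from `nginx -v` output and an `nginx -T` dump."""
    hits = find_upstream_pass(dump)
    if not hits:
        return "not-exposed", hits  # neither module is handed an upstream
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", version_line)
    if m is None or "nginx-plus" in version_line:
        return "check-vendor-release", hits  # Plus uses its own numbering
    return ("patched" if tuple(map(int, m.groups())) >= FIXED_MIN else "upgrade"), hits
```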

Added: May 13, 2026, 5:40 PM
Updated: May 13, 2026, 5:40 PM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.