NGINX Plus and NGINX Open Source ngx_http_ssi_module Heap Buffer Over-Read Vulnerability

Vulnerability

A heap buffer over-read vulnerability has been identified in the ngx_http_ssi_module of NGINX Plus and NGINX Open Source. This issue arises when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. An unauthenticated attacker with man-in-the-middle capabilities to manipulate responses from an upstream server may exploit this vulnerability, potentially leading to limited memory modification or a restart of the NGINX worker process.

Impact

Exploitation of this vulnerability may allow remote attackers to cause a heap buffer over-read in the NGINX worker process, leading to a limited modification of memory contents or a restart of the worker process.

Remediation

Users can upgrade to NGINX Plus versions 37.0.3.1 or NGINX Open Source versions 1.31.3 or 1.30.4 to address this vulnerability. For NGINX Instance Manager, versions 2.22.1 and later are recommended. In NGINX Gateway Fabric, version 2.6.7 or later should be used. For NGINX Ingress Controller, versions 2026-lts-r4 and 5.5.3 or later are advised.

Added: Jul 15, 2026, 3:40 PM
Updated: Jul 15, 2026, 3:40 PM

Vulnerability Rating

Custom Algorithm
spread
9.4
impact
1.3
exploitability
6.4
remediation
7.7
relevance
9.7
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.