vulnerability
Alma Linux: CVE-2026-1642: Moderate: nginx:1.24 security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Mar 3, 2026 | Mar 9, 2026 | Apr 20, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published
Mar 3, 2026
Added
Mar 9, 2026
Modified
Apr 20, 2026
Description
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Solutions
alma-upgrade-nginxalma-upgrade-nginx-all-modulesalma-upgrade-nginx-corealma-upgrade-nginx-filesystemalma-upgrade-nginx-mod-develalma-upgrade-nginx-mod-http-image-filteralma-upgrade-nginx-mod-http-perlalma-upgrade-nginx-mod-http-xslt-filteralma-upgrade-nginx-mod-mailalma-upgrade-nginx-mod-stream
References
- CVE-2026-1642
- https://attackerkb.com/topics/CVE-2026-1642
- CWE-345
- CWE-349
- EUVD-EUVD-2026-5498
- https://errata.almalinux.org/8/ALSA-2026-5581.html
- https://errata.almalinux.org/9/ALSA-2026-3638.html
- https://errata.almalinux.org/9/ALSA-2026-4235.html
- https://errata.almalinux.org/9/ALSA-2026-5599.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-5498
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.