NGINX JavaScript has a vulnerability when the...
Critical severity
Unreviewed
Published
May 19, 2026
to the GitHub Advisory Database
•
Updated May 19, 2026
Description
Published by the National Vulnerability Database
May 19, 2026
Published to the GitHub Advisory Database
May 19, 2026
Last updated
May 19, 2026
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_, $arg_, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References