
F5 security patch release for CVE-2026-42530

Security Patch Release
H score 39
1 unique sources, 1 articles

Summary


F5 released security updates for NGINX Open Source after finding two critical vulnerabilities that could lead to remote code execution on affected systems. The patch set covers CVE-2026-42530 and CVE-2026-42055, with fixed builds spanning NGINX Open Source and related NGINX products. Administrators using the affected HTTP/3, HTTP/2, proxy, WAF, and ingress components need to move to the fixed versions to remove the code-execution risk.

Related Happenings

F5 NGINX out-of-band security updates (multiple vulnerabilities)

Security Patch Release
H score 34, First: 18.06.2026 14:33, Last: 18.06.2026 14:33, Sources: 1

About this happening: **F5** released **out-of-band security updates** for **NGINX** after finding multiple web server vulnerabilities, including **two critical flaws** that could enable **remote code...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score 46, First: 17.06.2026 13:09, Last: 17.06.2026 13:09, Sources: 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

Nginx security patch release for CVE-2026-49975

Security Patch Release
H score 42, First: 03.06.2026 22:08, Last: 03.06.2026 22:08, Sources: 1

About this happening: Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score 42, First: 27.05.2026 13:06, Last: 27.05.2026 13:06, Sources: 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score 25, First: 18.05.2026 13:54, Last: 18.05.2026 13:54, Sources: 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Timeline

  1. 18.06.2026 20:32 · 2 articles

    F5 releases security updates for critical NGINX Open Source flaws

    Mitigation Patch Update

    F5 released security updates for NGINX Open Source and related NGINX products to address CVE-2026-42530 and CVE-2026-42055, two critical flaws that could let a remote unauthenticated attacker achieve code execution on affected systems. Fixed versions include NGINX Open Source 1.31.2 and 1.30.3, NGINX Gateway Fabric 2.6.4, and NGINX Plus 37.0.2.1 and R36 P6. As mitigations, the advisory recommends disabling HTTP/3 for CVE-2026-42530, or removing `ignore_invalid_headers off` and reducing `large_client_header_buffers` below 2 MB for CVE-2026-42055.

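For hosts that cannot move to a fixed build immediately, the mitigations in the timeline entry above can be checked against a configuration file. The script below is an added example, not code from F5 or the advisory: it flags the settings those mitigations address and does not determine exploitability. It assumes HTTP/3 is enabled through the `quic` parameter of `listen`, and the function names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from the advisory or a real host.
SAMPLE_CONF = """
http {
    ignore_invalid_headers off;
    large_client_header_buffers 4 4m;
    server {
        listen 443 quic reuseport;
        listen 443 ssl;
        # listen 8443 quic;
    }
}
"""

LIMIT = 2 * 1024 ** 2  # "below 2 MB" threshold from the mitigation text
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def size_to_bytes(token):
    """Convert an nginx size such as 8k or 4m to bytes; None if unparseable."""
    m = re.fullmatch(r"(\d+)([kmg]?)", token.lower())
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def directives(conf_text):
    """Yield (line_no, name, args) for single-line directives, ignoring comments.
    Simplification: no quoted strings, includes, or multi-line directives."""
    for no, line in enumerate(conf_text.splitlines(), 1):
        for piece in re.split(r"[;{}]", line.split("#", 1)[0]):
            parts = piece.split()
            if parts:
                yield no, parts[0], parts[1:]

def audit(conf_text):
    """Return (line_no, cve, reason) for each setting the mitigations address."""
    findings = []
    for no, name, args in directives(conf_text):
        if name == "listen" and "quic" in args:
            findings.append((no, "CVE-2026-42530", "HTTP/3 (QUIC) listener enabled"))
        elif name == "ignore_invalid_headers" and args == ["off"]:
            findings.append((no, "CVE-2026-42055", "ignore_invalid_headers off"))
        elif name == "large_client_header_buffers" and len(args) == 2:
            size = size_to_bytes(args[1])
            if size is not None and size >= LIMIT:
                findings.append((no, "CVE-2026-42055", f"header buffer size {args[1]} is not below 2 MB"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=": ")
```

Run it over the output of `nginx -T` rather than a single file so that included files are covered, since the parser here does not follow `include`.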