NGINX releases security updates
Several vulnerabilities have been discovered in the NGINX web server. A malicious user could exploit these vulnerabilities (CVE-2026-8711, CVE-2026-40460, CVE-2026-40701, CVE-2026-42926, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946) to trigger denial of service condition, remote code execution, data manipulation, spoofing, security restriction bypass and sensitive information disclosure on the targeted system. To address these vulnerabilities, the Nginx developers have released njs-0.9.9, nginx-1.30.1 (Stable), and nginx-1.31.0 (Mainline) versions. The Nginx developers have also released versions nginx-1.30.2 (Stable) and nginx-1.31.1 (Mainline) to address a buffer overflow vulnerability (CVE-2026-9256).
More information on vulnerabilities and updates is available in NGINX security advisory – nginx.org.
25 May 2026