When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XF5 nginx Plus
APPF5r30r31r32
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
References
Related vulnerabilities
CVE-2026-42055CRITICAL9.2ten sam produkt
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module...
CVE-2026-9256CRITICAL9.2PL ✓ten sam produkt
Heap buffer overflow w NGINX w module ngx_http_rewrite_module (RCE)
CVE-2026-42945CRITICAL9.2PL ✓ten sam produkt
NGINX heap buffer overflow w module ngx_http_rewrite_module (RCE/restart)
CVE-2026-42946HIGH8.3ten sam produkt
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excess...
CVE-2026-32647HIGH8.5ten sam produkt
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an ...