Nginx Plus F5 Networks Nginx Plus

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in F5 Networks Nginx Plus.

Recent F5 Networks Nginx Plus Security Advisories

Advisory Title Published
K000140108 K000140108: NGINX Plus MQTT vulnerability CVE-2024-39792 August 14, 2024
K12331123 NGINX Plus and Open Source vulnerability CVE-2021-23017 May 25, 2021

By the Year

In 2025 there have been 0 vulnerabilities in F5 Networks Nginx Plus. Last year, in 2024 Nginx Plus had 2 security vulnerabilities published. Right now, Nginx Plus is on track to have less security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 2 6.10
2023 1 7.50
2022 1 7.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Nginx Plus vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent F5 Networks Nginx Plus Security Vulnerabilities

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests

CVE-2024-39792 7.5 - High - August 14, 2024

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Operation on a Resource after Expiration or Release

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might

CVE-2024-7347 4.7 - Medium - August 14, 2024

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Out-of-bounds Read

The HTTP/2 protocol

CVE-2023-44487 7.5 - High - October 10, 2023

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Resource Exhaustion

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module

CVE-2022-41743 7 - High - October 19, 2022

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for F5 Networks Nginx Ingress Controller or by F5 Networks? Click the Watch button to subscribe.

F5 Networks
Vendor

subscribe