NGINX TLS Proxy MITM Plain Text Injection
CVE-2026-1642 Published on February 4, 2026
NGINX vulnerability
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server sidealong with conditions beyond the attacker's controlmay be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerability Analysis
CVE-2026-1642 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Acceptance of Extraneous Untrusted Data With Trusted Data
The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
Products Associated with CVE-2026-1642
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-1642 are published in these products:
Affected Versions
F5 NGINX Open Source:- Version 1.3.0 and below 1.29.5 is affected.
- Version R36 and below R36 P2 is affected.
- Version R35 and below R35 P1 is affected.
- Version R34 and below * is affected.
- Version R33 and below * is affected.
- Version R32 and below R32 P4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.