CNNVD-202602-533 Information
CNNVD ID
CNNVD-202602-533
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。 F5 NGINX Plus和F5 NGINX Open Source存在安全漏洞,该漏洞源于配置为代理上游TLS服务器时,可能导致中间人攻击者向响应中注入明文数据。
Description (English)
F5 NGINX Plus and F5 NGINX Open Source are products of United States F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance Web server, reverse proxy server, load balancer and API gateway. F5 NGINX Plus and F5 NGINX Open Source had a security loophole, which had its origin in the configuration of the agent’s upstream TLS server, which could have caused the middlemen to inject explicit data into the response.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
F5
Published
2026-02-04
Last Modified
2026-02-24
References
https://my.f5.com/manage/s/article/K000159824 https://access.redhat.com/security/cve/cve-2026-1642
Patch
https://my.f5.com/manage/s/article/K000159824
Share on: