Skip to content

NGINX vulnerability CVE-2026-1642 #5281

New issue
New issue
Open
Open
NGINX vulnerability CVE-2026-1642#5281
Labels
bug
@flostyen

Description

@flostyen
flostyen
opened on Feb 6, 2026

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug

NGINX vulnerability CVE-2026-1642

https://my.f5.com/manage/s/article/K000159824

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. (CVE-2026-1642)

Nginx Fixed versions:
1.29.5
1.28.2

Nginx Proxy Manager Version
2.13.7

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions