Cve-2026-42530

🔴 Critical | Source: The Hacker News F5 has patched two critical vulnerabilities in NGINX Open Source, both of which could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems. The flaws reside in the HTTP/3 module and carry a CVSS v4 score of 9.2, indicating high exploitability with no authentication required. NGINX is one of the world’s most widely deployed web servers and reverse proxies, making the blast radius of these vulnerabilities significant. ...