CVE-2026-48142EXPLOITEDPATCHED

f5 · nginx open source

NGINX ngx_http_charset_module vulnerability

Description

A vulnerability identified as critical has been detected in F5 NGINX Open Source and NGINX Plus up to 1.30.2/1.31.1. This affects an unknown function. The manipulation leads to out-of-bounds read.

Affected Products

Vendor	Product	Versions
f5	nginx open source	1.13.10, 1.30.0, 37.0, R36, 1.30.2, 1.31.1

References

https://my.f5.com/manage/s/article/K000161585(vendor-advisory)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-48142 | F5 NGINX Open Source/NGINX Plus up to 1.30.2/1.31.1 out-of-bounds (K000161585)

→ No new info (linked only)

CVSS 3.14.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.31.21.30.337.0.2.1R36 P6

CWECWE-125

PublishedJun 17, 2026

Last enriched6h agov2

Trending Score48

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-42945EXPKEV

NGINX ngx_http_rewrite_module vulnerability

Trending: 95

HIGHCVE-2026-42530EXP

NGINX Open-Source ngx_http_v3_module vulnerability

Trending: 50

HIGHCVE-2026-11311EXP

NGINX Gateway Fabric vulnerability

Trending: 50

HIGHCVE-2026-42055

NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

Trending: 31

PRE-CVE

Multiple Vulnerabilities in F5 and NGINX Products

Trending: 20

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 17, 2026

Actively Exploited

Jun 17, 2026

Patch Available

Jun 17, 2026

Discovered by ZDM

Jun 17, 2026

Updated: description, affectedVersions, severity, activelyExploited

Jun 17, 2026

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL, added affected versions 1.30.2 and 1.31.1, and corrected exploit availability to false.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v17h ago

Initial creation