CVE-2026-40701

Published: Mag 13, 2026 Last Modified: Mag 13, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4,8
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: low

Description

AI Translation Available

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to 'on' or 'optional,' and the ssl_ocsp directive is set to 'on' or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

416

Use After Free

Stable
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Confidentiality
Potential Impacts:
Modify Memory Dos: Crash, Exit, Or Restart Read Memory Execute Unauthorized Code Or Commands
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
https://my.f5.com/manage/s/article/K000161021
https://my.f5.com/manage/s/article/K000161021