CVE-2026-60065
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
15/07/2026
Última modificación:
15/07/2026
Descripción
*** Pendiente de traducción *** When NGINX Plus is configured to use the Message Queuing Telemetry Transport (MQTT) filter module (ngx_stream_mqtt_filter_module), unauthenticated attackers can send requests with conditions beyond the attacker&#39;s control to cause a heap buffer over-read in the NGINX worker process, leading to a restart.<br />
<br />
Impact:<br />
This vulnerability may allow remote unauthenticated attackers to have limited control to restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.<br />
<br />
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Impacto
Puntuación base 4.0
6.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
3.70
Gravedad 3.x
BAJA



