VDB

CVE-2026-9256

CVE-2026-9256 PUBLISHED

ea-nginx – version v1.31.0 ea-nginx-passenger – version v6.1.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

EPSS 0.24% · 46.9th percentile

Risk Scores

EPSS Score
0.24%
46.9th percentile

Affected Products

VendorProductVersions
F5F5 DoS pour NGINX – version 4.9.0;
ea-nginx-passengerea-nginx-passenger – version v6.1.2
NGINXNGINX App Protect WAF – multiple versions
NGINXNGINX Ingress Controller – multiple versions
NGINXNGINX Plus – multiples versions;
F5F5 WAF pour NGINX – de la version 5.9.0 à13.0;
NGINXNGINX App Protect WAF – multiples versions;
F5F5 WAF for NGINX – versions 5.9.0 to 5.13.0
NGINXNGINX Gateway Fabric – multiples versions;
NGINXNGINX Ingress Controller – multiples versions.
NGINXNGINX Instance Manager – versions 2.17.0 to 2.22.0
NGINXNGINX Open Source – multiples versions;
NGINXNGINX Plus – multiple versions
NGINXNGINX Gateway Fabric – multiple versions
NGINXNGINX App Protect DoS – versions 4.3.0 to 4.7.0
NGINXNGINX Open Source – multiple versions
ea-nginxea-nginx – version v1.31.0
NGINXNGINX Instance Manager – de la version 2.17.0 à22.0;
F5F5 DoS for NGINX – version 4.9.0
NGINXNGINX App Protect DoS – de la version 4.3.0 à7.0;

Timeline

  • May 22, 2026 PoC Published
  • May 22, 2026 CVE Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 22, 2026 PoC Published
  • May 23, 2026 EPSS Score
  • May 23, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›